2 files changed, 79 insertions, 2 deletions

diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb
index a4f21adae..99da8eb53 100644
--- a/app/controllers/admin_request_controller.rb
+++ b/app/controllers/admin_request_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: admin_request_controller.rb,v 1.16 2008-07-28 18:04:38 francis Exp $
+# $Id: admin_request_controller.rb,v 1.17 2008-09-02 17:44:14 francis Exp $
 
 class AdminRequestController < ApplicationController
     layout "admin"
@@ -142,6 +142,42 @@ class AdminRequestController < ApplicationController
         redirect_to request_admin_url(destination_request)
     end
 
+    def generate_upload_url
+        info_request = InfoRequest.find(params[:id])
+
+        if params[:incoming_message_id]
+            incoming_message = IncomingMessage.find(params[:incoming_message_id])
+            email = incoming_message.mail.from_addrs[0].address
+            name = incoming_message.safe_mail_from || info_request.public_body.name
+        else
+            email = info_request.public_body.request_email
+            name = info_request.public_body.name
+        end
+
+        user = User.find_user_by_email(email)
+        if not user
+            user = User.new(:name => name, :email => email, :password => PostRedirect.generate_random_token)
+            user.save!
+        end
+
+        if !info_request.public_body.is_foi_officer?(user)
+            flash[:notice] = user.email + " is not an email at the domain @" + info_request.public_body.foi_officer_domain_required + ", so won't be able to upload."
+            redirect_to request_admin_url(info_request)
+            return
+        end
+
+        # Bejeeps, look, sometimes a URL is something that belongs in a model, jesus.
+        # XXX hammer this square peg into the round MVC hole - should be calling main_url(upload_response_url())
+        post_redirect = PostRedirect.new(
+            :uri => upload_response_url(:url_title => info_request.url_title),
+            :user_id => user.id)
+        post_redirect.save!
+        url = confirm_url(:email_token => post_redirect.email_token)
+
+        flash[:notice] = 'Send "' + name + '" &lt;<a href="mailto:' + email + '">' + email + '</a>&gt; this URL: <a href="' + url + '">' + url + "</a> - it will log them in and let them upload a response to this request."
+        redirect_to request_admin_url(info_request)
+    end
+
     private
 
 end
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index ac025b94a..3a66af95c 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: request_controller.rb,v 1.103 2008-09-02 14:57:31 francis Exp $
+# $Id: request_controller.rb,v 1.104 2008-09-02 17:44:14 francis Exp $
 
 class RequestController < ApplicationController
     
@@ -345,5 +345,46 @@ class RequestController < ApplicationController
         render :text => @attachment.body
     end
 
+    # FOI officers can upload a response
+    def upload_response
+        @info_request = InfoRequest.find_by_url_title(params[:url_title])
+
+        @reason_params = {
+                :web => "To upload a response, you must be logged in using an email address from " +  CGI.escapeHTML(@info_request.public_body.name),
+                :email => "Then you can upload an FOI response. ",
+                :email_subject => "Confirm your account on WhatDoTheyKnow.com"
+        }
+        if !authenticated?(@reason_params)
+            return
+        end
+
+        if !@info_request.public_body.is_foi_officer?(@user)
+            @reason_params[:user_name] = "an email @" + @info_request.public_body.foi_officer_domain_required
+            render :template => 'user/wrong_user'
+            return
+        end
+
+        if params[:submitted_upload_response]
+            file_name = nil
+            file_content = nil
+            if params[:file_1].class.to_s == "ActionController::UploadedTempfile"
+                file_name = params[:file_1].original_filename
+                file_content = params[:file_1].read
+            end
+            body = params[:body] || ""
+
+            if file_name.nil? && body.empty?
+                flash[:error] = "Please type a message and/or choose a file containing your response."
+                return
+            end
+
+            mail = RequestMailer.create_fake_response(@info_request, @user, body, file_name, file_content)
+            @info_request.receive(mail, mail.encoded)
+            flash[:notice] = "Thank you for responding to this FOI request! Your response has been published below, and a link to your response has been emailed to " + CGI.escapeHTML(@info_request.user.name) + "."
+            redirect_to request_url(@info_request)
+            return
+        end
+    end
+
 end