aboutsummaryrefslogtreecommitdiffstats
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin_censor_rule_controller.rb12
-rw-r--r--app/controllers/admin_controller.rb4
-rw-r--r--app/controllers/admin_general_controller.rb18
-rw-r--r--app/controllers/admin_public_body_controller.rb4
-rw-r--r--app/controllers/admin_request_controller.rb49
-rw-r--r--app/controllers/admin_track_controller.rb1
-rw-r--r--app/controllers/admin_user_controller.rb12
-rw-r--r--app/controllers/api_controller.rb76
-rw-r--r--app/controllers/application_controller.rb65
-rw-r--r--app/controllers/general_controller.rb100
-rw-r--r--app/controllers/help_controller.rb3
-rw-r--r--app/controllers/public_body_controller.rb8
-rw-r--r--app/controllers/request_controller.rb90
-rw-r--r--app/controllers/services_controller.rb6
-rw-r--r--app/controllers/track_controller.rb2
-rw-r--r--app/controllers/user_controller.rb2
16 files changed, 244 insertions, 208 deletions
diff --git a/app/controllers/admin_censor_rule_controller.rb b/app/controllers/admin_censor_rule_controller.rb
index 5381921bf..f6abc70df 100644
--- a/app/controllers/admin_censor_rule_controller.rb
+++ b/app/controllers/admin_censor_rule_controller.rb
@@ -26,9 +26,9 @@ class AdminCensorRuleController < AdminController
end
flash[:notice] = 'CensorRule was successfully created.'
if !@censor_rule.info_request.nil?
- redirect_to admin_url('request/show/' + @censor_rule.info_request.id.to_s)
+ redirect_to admin_request_show_url(@censor_rule.info_request)
elsif !@censor_rule.user.nil?
- redirect_to admin_url('user/show/' + @censor_rule.user.id.to_s)
+ redirect_to admin_user_show_url(@censor_rule.user)
else
raise "internal error"
end
@@ -53,9 +53,9 @@ class AdminCensorRuleController < AdminController
end
flash[:notice] = 'CensorRule was successfully updated.'
if !@censor_rule.info_request.nil?
- redirect_to admin_url('request/show/' + @censor_rule.info_request.id.to_s)
+ redirect_to admin_request_show_url(@censor_rule.info_request)
elsif !@censor_rule.user.nil?
- redirect_to admin_url('user/show/' + @censor_rule.user.id.to_s)
+ redirect_to admin_user_show_url(@censor_rule.user)
else
raise "internal error"
end
@@ -79,9 +79,9 @@ class AdminCensorRuleController < AdminController
flash[:notice] = "CensorRule was successfully destroyed."
if !info_request.nil?
- redirect_to admin_url('request/show/' + info_request.id.to_s)
+ redirect_to admin_request_show_url(info_request)
elsif !user.nil?
- redirect_to admin_url('user/show/' + user.id.to_s)
+ redirect_to admin_user_show_url(user)
else
raise "internal error"
end
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index d7933b212..d93e68dab 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -28,6 +28,10 @@ class AdminController < ApplicationController
cache_subpath = foi_fragment_cache_all_for_request(info_request)
FileUtils.rm_rf(cache_subpath)
+ # Remove any download zips
+ download_dir = request_download_zip_dir(info_request)
+ FileUtils.rm_rf(download_dir)
+
# Remove the database caches of body / attachment text (the attachment text
# one is after privacy rules are applied)
info_request.clear_in_database_caches!
diff --git a/app/controllers/admin_general_controller.rb b/app/controllers/admin_general_controller.rb
index 9f4c398c1..800678787 100644
--- a/app/controllers/admin_general_controller.rb
+++ b/app/controllers/admin_general_controller.rb
@@ -5,6 +5,8 @@
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
class AdminGeneralController < AdminController
+ skip_before_filter :authenticate, :only => :admin_js
+
def index
# ensure we have a trailing slash
current_uri = request.env['REQUEST_URI']
@@ -115,6 +117,17 @@ class AdminGeneralController < AdminController
end
def stats
+ # Overview counts of things
+ @public_body_count = PublicBody.count
+
+ @info_request_count = InfoRequest.count
+ @outgoing_message_count = OutgoingMessage.count
+ @incoming_message_count = IncomingMessage.count
+
+ @user_count = User.count
+ @track_thing_count = TrackThing.count
+
+ @comment_count = Comment.count
@request_by_state = InfoRequest.count(:group => 'described_state')
@tracks_by_type = TrackThing.count(:group => 'track_type')
end
@@ -128,5 +141,10 @@ class AdminGeneralController < AdminController
@github_origin = "https://github.com/#{repo}/tree/"
@request_env = request.env
end
+
+ # TODO: Remove this when support for proxy admin interface is removed
+ def admin_js
+ render :layout => false, :content_type => "application/javascript"
+ end
end
diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb
index ac12e97b2..bb5e98852 100644
--- a/app/controllers/admin_public_body_controller.rb
+++ b/app/controllers/admin_public_body_controller.rb
@@ -92,7 +92,7 @@ class AdminPublicBodyController < AdminController
@public_body = PublicBody.new(params[:public_body])
if @public_body.save
flash[:notice] = 'PublicBody was successfully created.'
- redirect_to admin_url('body/show/' + @public_body.id.to_s)
+ redirect_to admin_body_show_url(@public_body)
else
render :action => 'new'
end
@@ -111,7 +111,7 @@ class AdminPublicBodyController < AdminController
@public_body = PublicBody.find(params[:id])
if @public_body.update_attributes(params[:public_body])
flash[:notice] = 'PublicBody was successfully updated.'
- redirect_to admin_url('body/show/' + @public_body.id.to_s)
+ redirect_to admin_body_show_url(@public_body)
else
render :action => 'edit'
end
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb
index 6b6a8525e..d84b44b6f 100644
--- a/app/controllers/admin_request_controller.rb
+++ b/app/controllers/admin_request_controller.rb
@@ -42,7 +42,7 @@ class AdminRequestController < AdminController
vars = OpenStruct.new(:name_to => @info_request.user_name,
:name_from => Configuration::contact_name,
:info_request => @info_request, :reason => params[:reason],
- :info_request_url => 'http://' + Configuration::domain + request_url(@info_request),
+ :info_request_url => 'http://' + Configuration::domain + request_path(@info_request),
:site_name => site_name)
template = File.read(File.join(File.dirname(__FILE__), "..", "views", "admin_request", "hidden_user_explanation.rhtml"))
@request_hidden_user_explanation = ERB.new(template).result(vars.instance_eval { binding })
@@ -52,7 +52,7 @@ class AdminRequestController < AdminController
@outgoing_message = OutgoingMessage.find(params[:outgoing_message_id])
@outgoing_message.resend_message
flash[:notice] = "Outgoing message resent"
- redirect_to request_admin_url(@outgoing_message.info_request)
+ redirect_to admin_request_show_url(@outgoing_message.info_request)
end
def edit
@@ -98,7 +98,7 @@ class AdminRequestController < AdminController
# expire cached files
expire_for_request(@info_request)
flash[:notice] = 'Request successfully updated.'
- redirect_to request_admin_url(@info_request)
+ redirect_to admin_request_show_url(@info_request)
else
render :action => 'edit'
end
@@ -114,7 +114,7 @@ class AdminRequestController < AdminController
# expire cached files
expire_for_request(@info_request)
flash[:notice] = "Request #{url_title} has been completely destroyed. Email of user who made request: " + user.email
- redirect_to admin_url('request/list')
+ redirect_to admin_request_list_url
end
def edit_outgoing
@@ -131,7 +131,7 @@ class AdminRequestController < AdminController
{ :editor => admin_current_user(), :deleted_outgoing_message_id => outgoing_message_id })
flash[:notice] = 'Outgoing message successfully destroyed.'
- redirect_to request_admin_url(@info_request)
+ redirect_to admin_request_show_url(@info_request)
end
def update_outgoing
@@ -144,7 +144,7 @@ class AdminRequestController < AdminController
{ :outgoing_message_id => @outgoing_message.id, :editor => admin_current_user(),
:old_body => old_body, :body => @outgoing_message.body })
flash[:notice] = 'Outgoing message successfully updated.'
- redirect_to request_admin_url(@outgoing_message.info_request)
+ redirect_to admin_request_show_url(@outgoing_message.info_request)
else
render :action => 'edit_outgoing'
end
@@ -168,7 +168,7 @@ class AdminRequestController < AdminController
:old_visible => old_visible, :visible => @comment.visible,
})
flash[:notice] = 'Comment successfully updated.'
- redirect_to request_admin_url(@comment.info_request)
+ redirect_to admin_request_show_url(@comment.info_request)
else
render :action => 'edit_comment'
end
@@ -186,7 +186,7 @@ class AdminRequestController < AdminController
# expire cached files
expire_for_request(@info_request)
flash[:notice] = 'Incoming message successfully destroyed.'
- redirect_to request_admin_url(@info_request)
+ redirect_to admin_request_show_url(@info_request)
end
def redeliver_incoming
@@ -203,12 +203,11 @@ class AdminRequestController < AdminController
end
if destination_request.nil?
flash[:error] = "Failed to find destination request '" + m + "'"
- return redirect_to request_admin_url(previous_request)
+ return redirect_to admin_request_show_url(previous_request)
end
raw_email_data = incoming_message.raw_email.data
- mail = TMail::Mail.parse(raw_email_data)
- mail.base64_decode
+ mail = MailHandler.mail_from_raw_email(raw_email_data)
destination_request.receive(mail, raw_email_data, true)
incoming_message_id = incoming_message.id
@@ -224,7 +223,7 @@ class AdminRequestController < AdminController
expire_for_request(previous_request)
incoming_message.fully_destroy
end
- redirect_to request_admin_url(destination_request)
+ redirect_to admin_request_show_url(destination_request)
end
# change user or public body of a request magically
@@ -247,7 +246,7 @@ class AdminRequestController < AdminController
info_request.reindex_request_events
flash[:notice] = "Message has been moved to new user"
end
- redirect_to request_admin_url(info_request)
+ redirect_to admin_request_show_url(info_request)
elsif params[:commit] == 'Move request to authority' && !params[:public_body_url_name].blank?
old_public_body = info_request.public_body
destination_public_body = PublicBody.find_by_url_name(params[:public_body_url_name])
@@ -266,10 +265,10 @@ class AdminRequestController < AdminController
flash[:notice] = "Request has been moved to new body"
end
- redirect_to request_admin_url(info_request)
+ redirect_to admin_request_show_url(info_request)
else
flash[:error] = "Please enter the user or authority to move the request to"
- redirect_to request_admin_url(info_request)
+ redirect_to admin_request_show_url(info_request)
end
end
@@ -278,7 +277,7 @@ class AdminRequestController < AdminController
if params[:incoming_message_id]
incoming_message = IncomingMessage.find(params[:incoming_message_id])
- email = incoming_message.from_address
+ email = incoming_message.from_email
name = incoming_message.safe_mail_from || info_request.public_body.name
else
email = info_request.public_body.request_email
@@ -293,20 +292,20 @@ class AdminRequestController < AdminController
if !info_request.public_body.is_foi_officer?(user)
flash[:notice] = user.email + " is not an email at the domain @" + info_request.public_body.foi_officer_domain_required + ", so won't be able to upload."
- redirect_to request_admin_url(info_request)
+ redirect_to admin_request_show_url(info_request)
return
end
# Bejeeps, look, sometimes a URL is something that belongs in a controller, jesus.
- # XXX hammer this square peg into the round MVC hole - should be calling main_url(upload_response_url())
+ # XXX hammer this square peg into the round MVC hole
post_redirect = PostRedirect.new(
- :uri => main_url(upload_response_url(:url_title => info_request.url_title, :only_path => true)),
+ :uri => upload_response_url(:url_title => info_request.url_title),
:user_id => user.id)
post_redirect.save!
- url = main_url(confirm_url(:email_token => post_redirect.email_token, :only_path => true))
+ url = confirm_url(:email_token => post_redirect.email_token)
- flash[:notice] = 'Send "' + name + '" &lt;<a href="mailto:' + email + '">' + email + '</a>&gt; this URL: <a href="' + url + '">' + url + "</a> - it will log them in and let them upload a response to this request."
- redirect_to request_admin_url(info_request)
+ flash[:notice] = ("Send \"#{name}\" &lt;<a href=\"mailto:#{email}\">#{email}</a>&gt; this URL: <a href=\"#{url}\">#{url}</a> - it will log them in and let them upload a response to this request.").html_safe
+ redirect_to admin_request_show_url(info_request)
end
def show_raw_email
@@ -356,7 +355,7 @@ class AdminRequestController < AdminController
info_request_event.save!
flash[:notice] = "Old response marked as having been a clarification"
- redirect_to request_admin_url(info_request_event.info_request)
+ redirect_to admin_request_show_url(info_request_event.info_request)
end
def hide_request
@@ -380,7 +379,7 @@ class AdminRequestController < AdminController
ContactMailer.deliver_from_admin_message(
info_request.user,
subject,
- params[:explanation]
+ params[:explanation].strip.html_safe
)
flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name))
else
@@ -388,7 +387,7 @@ class AdminRequestController < AdminController
end
# expire cached files
expire_for_request(info_request)
- redirect_to request_admin_url(info_request)
+ redirect_to admin_request_show_url(info_request)
end
end
diff --git a/app/controllers/admin_track_controller.rb b/app/controllers/admin_track_controller.rb
index 03217da45..525c96782 100644
--- a/app/controllers/admin_track_controller.rb
+++ b/app/controllers/admin_track_controller.rb
@@ -9,6 +9,7 @@ class AdminTrackController < AdminController
@query = params[:query]
@admin_tracks = TrackThing.paginate :order => "created_at desc", :page => params[:page], :per_page => 100,
:conditions => @query.nil? ? nil : ["lower(track_query) like lower('%'||?||'%')", @query ]
+ @popular = ActiveRecord::Base.connection.select_all("select count(*) as count, title, info_request_id from track_things join info_requests on info_request_id = info_requests.id where info_request_id is not null group by info_request_id, title order by count desc limit 10;")
end
private
diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb
index ed20ddcf4..feffa208e 100644
--- a/app/controllers/admin_user_controller.rb
+++ b/app/controllers/admin_user_controller.rb
@@ -48,7 +48,7 @@ class AdminUserController < AdminController
if @admin_user.valid?
@admin_user.save!
flash[:notice] = 'User successfully updated.'
- redirect_to user_admin_url(@admin_user)
+ redirect_to admin_user_show_url(@admin_user)
else
render :action => 'edit'
end
@@ -58,7 +58,7 @@ class AdminUserController < AdminController
track_thing = TrackThing.find(params[:track_id].to_i)
track_thing.destroy
flash[:notice] = 'Track destroyed'
- redirect_to user_admin_url(track_thing.tracking_user)
+ redirect_to admin_user_show_url(track_thing.tracking_user)
end
def clear_bounce
@@ -66,15 +66,15 @@ class AdminUserController < AdminController
user.email_bounced_at = nil
user.email_bounce_message = ""
user.save!
- redirect_to user_admin_url(user)
+ redirect_to admin_user_show_url(user)
end
def login_as
@admin_user = User.find(params[:id]) # check user does exist
- post_redirect = PostRedirect.new( :uri => main_url(user_url(@admin_user)), :user_id => @admin_user.id, :circumstance => "login_as" )
+ post_redirect = PostRedirect.new( :uri => user_url(@admin_user), :user_id => @admin_user.id, :circumstance => "login_as" )
post_redirect.save!
- url = main_url(confirm_url(:email_token => post_redirect.email_token, :only_path => true))
+ url = confirm_url(:email_token => post_redirect.email_token)
redirect_to url
end
@@ -91,7 +91,7 @@ class AdminUserController < AdminController
end
flash[:notice] = "Profile photo cleared"
- redirect_to user_admin_url(@admin_user)
+ redirect_to admin_user_show_url(@admin_user)
end
private
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index aa5e85db3..5d8ceb888 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -1,30 +1,30 @@
class ApiController < ApplicationController
before_filter :check_api_key
-
+
def show_request
@request = InfoRequest.find(params[:id])
raise PermissionDenied if @request.public_body_id != @public_body.id
-
+
@request_data = {
:id => @request.id,
:url => make_url("request", @request.url_title),
:title => @request.title,
-
+
:created_at => @request.created_at,
:updated_at => @request.updated_at,
-
+
:status => @request.calculate_status,
-
+
:public_body_url => make_url("body", @request.public_body.url_name),
:requestor_url => make_url("user", @request.user.url_name),
:request_email => @request.incoming_email,
-
+
:request_text => @request.last_event_forming_initial_request.outgoing_message.body,
}
-
+
render :json => @request_data
end
-
+
def create_request
json = ActiveSupport::JSON.decode(params[:request_json])
request = InfoRequest.new(
@@ -34,7 +34,7 @@ class ApiController < ApplicationController
:external_user_name => json["external_user_name"],
:external_url => json["external_url"]
)
-
+
outgoing_message = OutgoingMessage.new(
:status => 'ready',
:message_type => 'initial_request',
@@ -44,7 +44,7 @@ class ApiController < ApplicationController
:info_request => request
)
request.outgoing_messages << outgoing_message
-
+
# Return an error if the request is invalid
# (Can this ever happen?)
if !request.valid?
@@ -53,7 +53,7 @@ class ApiController < ApplicationController
}
return
end
-
+
# Save the request, and add the corresponding InfoRequestEvent
request.save!
request.log_event("sent",
@@ -62,69 +62,69 @@ class ApiController < ApplicationController
:outgoing_message_id => outgoing_message.id,
:smtp_message_id => nil
)
-
+
# Return the URL and ID number.
render :json => {
'url' => make_url("request", request.url_title),
'id' => request.id
}
-
+
end
-
+
def add_correspondence
request = InfoRequest.find_by_id(params[:id])
if request.nil?
render :json => { "errors" => ["Could not find request #{params[:id]}"] }, :status => 404
return
end
-
+
json = ActiveSupport::JSON.decode(params[:correspondence_json])
attachments = params[:attachments]
-
+
direction = json["direction"]
body = json["body"]
sent_at_str = json["sent_at"]
-
+
errors = []
-
+
if !request.is_external?
render :json => { "errors" => ["Request #{params[:id]} cannot be updated using the API"] }, :status => 500
return
end
-
+
if request.public_body_id != @public_body.id
render :json => { "errors" => ["You do not own request #{params[:id]}"] }, :status => 500
return
end
-
+
if !["request", "response"].include?(direction)
errors << "The direction parameter must be 'request' or 'response'"
end
-
+
if body.nil?
errors << "The 'body' is missing"
elsif body.empty?
errors << "The 'body' is empty"
end
-
+
begin
sent_at = Time.iso8601(sent_at_str)
rescue ArgumentError
errors << "Failed to parse 'sent_at' field as ISO8601 time: #{sent_at_str}"
end
-
+
if direction == "request" && !attachments.nil?
errors << "You cannot attach files to messages in the 'request' direction"
end
-
+
if !errors.empty?
render :json => { "errors" => errors }, :status => 500
return
end
-
+
if direction == "request"
# In the 'request' direction, i.e. what we (Alaveteli) regard as outgoing
-
+
outgoing_message = OutgoingMessage.new(
:info_request => request,
:status => 'ready',
@@ -154,19 +154,19 @@ class ApiController < ApplicationController
:filename => filename
)
end
-
+
mail = RequestMailer.create_external_response(request, body, sent_at, attachment_hashes)
request.receive(mail, mail.encoded, true)
end
render :json => {
'url' => make_url("request", request.url_title),
- }
+ }
end
-
+
def body_request_events
feed_type = params[:feed_type]
raise PermissionDenied.new("#{@public_body.id} != #{params[:id]}") if @public_body.id != params[:id].to_i
-
+
since_date_str = params[:since_date]
if since_date_str.nil?
@events = InfoRequestEvent.find_by_sql([
@@ -213,24 +213,24 @@ class ApiController < ApplicationController
@event_data = []
@events.each do |event|
break if event.id == @since_event_id
-
+
request = event.info_request
this_event = {
:request_id => request.id,
:event_id => event.id,
:created_at => event.created_at.iso8601,
:event_type => event.event_type,
- :request_url => main_url(request_url(request)),
+ :request_url => request_url(request),
:request_email => request.incoming_email,
:title => request.title,
:body => event.outgoing_message.body,
-
+
:user_name => request.user_name,
}
if request.user
- this_event[:user_url] = main_url(user_url(request.user))
+ this_event[:user_url] = user_url(request.user)
end
-
+
@event_data.push(this_event)
end
render :json => @event_data
@@ -238,14 +238,14 @@ class ApiController < ApplicationController
raise ActiveRecord::RecordNotFound.new("Unrecognised feed type: #{feed_type}")
end
end
-
+
protected
def check_api_key
- raise "Missing required parameter 'k'" if params[:k].nil?
+ raise PermissionDenied.new("Missing required parameter 'k'") if params[:k].nil?
@public_body = PublicBody.find_by_api_key(params[:k].gsub(' ', '+'))
raise PermissionDenied if @public_body.nil?
end
-
+
private
def make_url(*args)
"http://" + Configuration::domain + "/" + args.join("/")
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3f3c169ae..f3deeb64a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -54,10 +54,15 @@ class ApplicationController < ActionController::Base
end
def set_gettext_locale
+ if Configuration::include_default_locale_in_urls == false
+ params_locale = params[:locale] ? params[:locale] : I18n.default_locale
+ else
+ params_locale = params[:locale]
+ end
if Configuration::use_default_browser_language
- requested_locale = params[:locale] || session[:locale] || cookies[:locale] || request.env['HTTP_ACCEPT_LANGUAGE'] || I18n.default_locale
+ requested_locale = params_locale || session[:locale] || cookies[:locale] || request.env['HTTP_ACCEPT_LANGUAGE'] || I18n.default_locale
else
- requested_locale = params[:locale] || session[:locale] || cookies[:locale] || I18n.default_locale
+ requested_locale = params_locale || session[:locale] || cookies[:locale] || I18n.default_locale
end
requested_locale = FastGettext.best_locale_in(requested_locale)
session[:locale] = FastGettext.set_locale(requested_locale)
@@ -117,17 +122,14 @@ class ApplicationController < ActionController::Base
# Override default error handler, for production sites.
def rescue_action_in_public(exception)
- # Call `set_view_paths` from the theme, if it exists.
+ # Looks for before_filters called something like `set_view_paths_{themename}`. These
+ # are set by the themes.
# Normally, this is called by the theme itself in a
# :before_filter, but when there's an error, this doesn't
# happen. By calling it here, we can ensure error pages are
# still styled according to the theme.
- begin
- set_view_paths
- rescue NameError => e
- if !(e.message =~ /undefined local variable or method `set_view_paths'/)
- raise
- end
+ ActionController::Base.before_filters.select{|f| f.to_s =~ /set_view_paths/}.each do |f|
+ self.send(f)
end
# Make sure expiry time for session is set (before_filters are
# otherwise missed by this override)
@@ -229,6 +231,19 @@ class ApplicationController < ActionController::Base
end
end
+ def request_dirs(info_request)
+ first_three_digits = info_request.id.to_s()[0..2]
+ File.join(first_three_digits.to_s, info_request.id.to_s)
+ end
+
+ def request_download_zip_dir(info_request)
+ File.join(download_zip_dir, "download", request_dirs(info_request))
+ end
+
+ def download_zip_dir()
+ File.join(Rails.root, '/cache/zips/')
+ end
+
# get the local locale
def locale_from_params(*args)
if params[:show_locale]
@@ -441,11 +456,7 @@ class ApplicationController < ActionController::Base
end
end
- def param_exists(item)
- return params[item] && !params[item].empty?
- end
-
- def get_request_variety_from_params
+ def get_request_variety_from_params(params)
query = ""
sortby = "newest"
varieties = []
@@ -467,7 +478,7 @@ class ApplicationController < ActionController::Base
return query
end
- def get_status_from_params
+ def get_status_from_params(params)
query = ""
if params[:latest_status]
statuses = []
@@ -502,24 +513,24 @@ class ApplicationController < ActionController::Base
return query
end
- def get_date_range_from_params
+ def get_date_range_from_params(params)
query = ""
- if param_exists(:request_date_after) && !param_exists(:request_date_before)
+ if params.has_key?(:request_date_after) && !params.has_key?(:request_date_before)
params[:request_date_before] = Time.now.strftime("%d/%m/%Y")
query += " #{params[:request_date_after]}..#{params[:request_date_before]}"
- elsif !param_exists(:request_date_after) && param_exists(:request_date_before)
+ elsif !params.has_key?(:request_date_after) && params.has_key?(:request_date_before)
params[:request_date_after] = "01/01/2001"
end
- if param_exists(:request_date_after)
+ if params.has_key?(:request_date_after)
query = " #{params[:request_date_after]}..#{params[:request_date_before]}"
end
return query
end
- def get_tags_from_params
+ def get_tags_from_params(params)
query = ""
tags = []
- if param_exists(:tags)
+ if params.has_key?(:tags)
params[:tags].split().each do |tag|
tags << "tag:#{tag}"
end
@@ -530,12 +541,12 @@ class ApplicationController < ActionController::Base
return query
end
- def make_query_from_params
+ def make_query_from_params(params)
query = params[:query] || "" if query.nil?
- query += get_date_range_from_params
- query += get_request_variety_from_params
- query += get_status_from_params
- query += get_tags_from_params
+ query += get_date_range_from_params(params)
+ query += get_request_variety_from_params(params)
+ query += get_status_from_params(params)
+ query += get_tags_from_params(params)
return query
end
@@ -549,7 +560,7 @@ class ApplicationController < ActionController::Base
end
def set_popup_banner
- @popup_banner = render_to_string(:partial => "general/popup_banner").strip
+ @popup_banner = render_to_string(:partial => "general/popup_banner").strip.html_safe
end
# URL generating functions are needed by all controllers (for redirects),
# views (for links) and mailers (for use in emails), so include them into
diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb
index 0cde238cd..f6a46458e 100644
--- a/app/controllers/general_controller.rb
+++ b/app/controllers/general_controller.rb
@@ -19,53 +19,51 @@ class GeneralController < ApplicationController
# New, improved front page!
def frontpage
medium_cache
- behavior_cache :tag => [session[:user_id], request.url] do
- # get some example searches and public bodies to display
- # either from config, or based on a (slow!) query if not set
- body_short_names = Configuration::frontpage_publicbody_examples.split(/\s*;\s*/).map{|s| "'%s'" % s.gsub(/'/, "''") }.join(", ")
- @locale = self.locale_from_params()
- locale_condition = 'public_body_translations.locale = ?'
- conditions = [locale_condition, @locale]
- PublicBody.with_locale(@locale) do
- if body_short_names.empty?
- # This is too slow
- @popular_bodies = PublicBody.visible.find(:all,
- :order => "info_requests_count desc",
- :limit => 32,
- :conditions => conditions,
- :joins => :translations
- )
- else
- conditions[0] += " and public_bodies.url_name in (" + body_short_names + ")"
- @popular_bodies = PublicBody.find(:all,
- :conditions => conditions,
- :joins => :translations)
- end
+ # get some example searches and public bodies to display
+ # either from config, or based on a (slow!) query if not set
+ body_short_names = Configuration::frontpage_publicbody_examples.split(/\s*;\s*/).map{|s| "'%s'" % s.gsub(/'/, "''") }.join(", ")
+ @locale = self.locale_from_params()
+ locale_condition = 'public_body_translations.locale = ?'
+ conditions = [locale_condition, @locale]
+ PublicBody.with_locale(@locale) do
+ if body_short_names.empty?
+ # This is too slow
+ @popular_bodies = PublicBody.visible.find(:all,
+ :order => "info_requests_count desc",
+ :limit => 32,
+ :conditions => conditions,
+ :joins => :translations
+ )
+ else
+ conditions[0] += " and public_bodies.url_name in (" + body_short_names + ")"
+ @popular_bodies = PublicBody.find(:all,
+ :conditions => conditions,
+ :joins => :translations)
end
- # Get some successful requests
- begin
- query = 'variety:response (status:successful OR status:partially_successful)'
- sortby = "newest"
- max_count = 5
- xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_title_collapse', max_count)
- @request_events = xapian_object.results.map { |r| r[:model] }
-
- # If there are not yet enough successful requests, fill out the list with
- # other requests
- if @request_events.count < max_count
- @request_events_all_successful = false
- query = 'variety:sent'
- xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_title_collapse', max_count-@request_events.count)
- more_events = xapian_object.results.map { |r| r[:model] }
- @request_events += more_events
- # Overall we still want the list sorted with the newest first
- @request_events.sort!{|e1,e2| e2.created_at <=> e1.created_at}
- else
- @request_events_all_successful = true
- end
- rescue
- @request_events = []
+ end
+ # Get some successful requests
+ begin
+ query = 'variety:response (status:successful OR status:partially_successful)'
+ sortby = "newest"
+ max_count = 5
+ xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_title_collapse', max_count)
+ @request_events = xapian_object.results.map { |r| r[:model] }
+
+ # If there are not yet enough successful requests, fill out the list with
+ # other requests
+ if @request_events.count < max_count
+ @request_events_all_successful = false
+ query = 'variety:sent'
+ xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_title_collapse', max_count-@request_events.count)
+ more_events = xapian_object.results.map { |r| r[:model] }
+ @request_events += more_events
+ # Overall we still want the list sorted with the newest first
+ @request_events.sort!{|e1,e2| e2.created_at <=> e1.created_at}
+ else
+ @request_events_all_successful = true
end
+ rescue
+ @request_events = []
end
end
@@ -153,10 +151,10 @@ class GeneralController < ApplicationController
params[:query] = @query
end
if @variety_postfix != "all" && @requests
- @query, _ = make_query_from_params
+ @query, _ = make_query_from_params(params)
end
@inputted_sortby = @sortby
- @common_query = get_tags_from_params
+ @common_query = get_tags_from_params(params)
if @sortby.nil?
# Parse query, so can work out if it has prefix terms only - if so then it is a
# structured query which should show newest first, rather than a free text search
@@ -226,18 +224,10 @@ class GeneralController < ApplicationController
redirect_to request_url(info_request)
end
- # For debugging
- def fai_test
- sleep 10
- render :text => "awake\n"
- end
-
def custom_css
long_cache
@locale = self.locale_from_params()
render(:layout => false, :content_type => 'text/css')
end
-
-
end
diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb
index cf90f45bb..573abac63 100644
--- a/app/controllers/help_controller.rb
+++ b/app/controllers/help_controller.rb
@@ -19,7 +19,6 @@ class HelpController < ApplicationController
def contact
@contact_email = Configuration::contact_email
- @contact_email = @contact_email.gsub(/@/, "&#64;")
# if they clicked remove for link to request/body, remove it
if params[:remove]
@@ -50,7 +49,7 @@ class HelpController < ApplicationController
end
@contact = ContactValidator.new(params[:contact])
if @contact.valid? && !params[:remove]
- ContactMailer.deliver_message(
+ ContactMailer.deliver_to_admin_message(
params[:contact][:name],
params[:contact][:email],
params[:contact][:subject],
diff --git a/app/controllers/public_body_controller.rb b/app/controllers/public_body_controller.rb
index 8a4a65820..aa6980b69 100644
--- a/app/controllers/public_body_controller.rb
+++ b/app/controllers/public_body_controller.rb
@@ -25,22 +25,20 @@ class PublicBodyController < ApplicationController
end
# If found by historic name, or alternate locale name, redirect to new name
if @public_body.url_name != params[:url_name]
- redirect_to show_public_body_url(:url_name => @public_body.url_name)
+ redirect_to :url_name => @public_body.url_name
return
end
set_last_body(@public_body)
- top_url = main_url("/")
+ top_url = frontpage_url
@searched_to_send_request = false
referrer = request.env['HTTP_REFERER']
if !referrer.nil? && referrer.match(%r{^#{top_url}search/.*/bodies$})
@searched_to_send_request = true
end
@view = params[:view]
- params[:latest_status] = @view
-
- query = make_query_from_params
+ query = make_query_from_params(params.merge(:latest_status => @view))
query += " requested_from:#{@public_body.url_name}"
# Use search query for this so can collapse and paginate easily
# XXX really should just use SQL query here rather than Xapian.
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index c732a4b32..fe948db19 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -99,15 +99,13 @@ class RequestController < ApplicationController
# Sidebar stuff
# ... requests that have similar imporant terms
- behavior_cache :tag => ['similar', @info_request.id] do
- begin
- limit = 10
- @xapian_similar = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events,
- :limit => limit, :collapse_by_prefix => 'request_collapse')
- @xapian_similar_more = (@xapian_similar.matches_estimated > limit)
- rescue
- @xapian_similar = nil
- end
+ begin
+ limit = 10
+ @xapian_similar = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events,
+ :limit => limit, :collapse_by_prefix => 'request_collapse')
+ @xapian_similar_more = (@xapian_similar.matches_estimated > limit)
+ rescue
+ @xapian_similar = nil
end
# Track corresponding to this page
@@ -139,6 +137,11 @@ class RequestController < ApplicationController
short_cache
@per_page = 25
@page = (params[:page] || "1").to_i
+
+ # Later pages are very expensive to load
+ if @page > MAX_RESULTS / PER_PAGE
+ raise ActiveRecord::RecordNotFound.new("Sorry. No pages after #{MAX_RESULTS / PER_PAGE}.")
+ end
@info_request = InfoRequest.find_by_url_title!(params[:url_title])
raise ActiveRecord::RecordNotFound.new("Request not found") if @info_request.nil?
@@ -148,6 +151,8 @@ class RequestController < ApplicationController
end
@xapian_object = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events,
:offset => (@page - 1) * @per_page, :limit => @per_page, :collapse_by_prefix => 'request_collapse')
+ @matches_estimated = @xapian_object.matches_estimated
+ @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated
if (@page > 1)
@page_desc = " (page " + @page.to_s + ")"
@@ -161,7 +166,7 @@ class RequestController < ApplicationController
@view = params[:view]
@page = get_search_page_from_params if !@page # used in cache case, as perform_search sets @page as side effect
if @view == "recent"
- return redirect_to request_list_all_path(:action => "list", :view => "all", :page => @page), :status => :moved_permanently
+ return redirect_to request_list_all_url(:action => "list", :view => "all", :page => @page), :status => :moved_permanently
end
# Later pages are very expensive to load
@@ -169,17 +174,13 @@ class RequestController < ApplicationController
raise ActiveRecord::RecordNotFound.new("Sorry. No pages after #{MAX_RESULTS / PER_PAGE}.")
end
- params[:latest_status] = @view
- query = make_query_from_params
+ query = make_query_from_params(params.merge(:latest_status => @view))
@title = _("View and search requests")
sortby = "newest"
- @cache_tag = Digest::MD5.hexdigest(query + @page.to_s + I18n.locale.to_s)
- behavior_cache :tag => [@cache_tag] do
- xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_collapse')
- @list_results = xapian_object.results.map { |r| r[:model] }
- @matches_estimated = xapian_object.matches_estimated
- @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated
- end
+ xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_collapse')
+ @list_results = xapian_object.results.map { |r| r[:model] }
+ @matches_estimated = xapian_object.matches_estimated
+ @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated
@title = @title + " (page " + @page.to_s + ")" if (@page > 1)
@track_thing = TrackThing.create_track_for_search_query(query)
@@ -320,9 +321,9 @@ class RequestController < ApplicationController
message = ""
if @outgoing_message.contains_email?
if @user.nil?
- message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"];
+ message += (_("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe;
else
- message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"];
+ message += (_("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe;
end
message += _("<p>We recommend that you edit your request and remove the email address.
If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>")
@@ -331,7 +332,7 @@ class RequestController < ApplicationController
message += _("<p>Your request contains a <strong>postcode</strong>. Unless it directly relates to the subject of your request, please remove any address as it will <strong>appear publicly on the Internet</strong>.</p>");
end
if not message.empty?
- flash.now[:error] = message
+ flash.now[:error] = message.html_safe
end
render :action => 'preview'
return
@@ -368,7 +369,7 @@ class RequestController < ApplicationController
<p>If you write about this request (for example in a forum or a blog) please link to this page, and add an
annotation below telling people about your writing.</p>",:law_used_full=>@info_request.law_used_full,
:late_number_of_days => Configuration::reply_late_after_days)
- redirect_to show_new_request_path(:url_title => @info_request.url_title)
+ redirect_to show_new_request_url(:url_title => @info_request.url_title)
end
# Submitted to the describing state of messages form
@@ -437,8 +438,8 @@ class RequestController < ApplicationController
# Don't give advice on what to do next, as it isn't their request
RequestMailer.deliver_old_unclassified_updated(@info_request) if !@info_request.is_external?
if session[:request_game]
- flash[:notice] = _('Thank you for updating the status of the request \'<a href="{{url}}">{{info_request_title}}</a>\'. There are some more requests below for you to classify.',:info_request_title=>CGI.escapeHTML(@info_request.title), :url=>CGI.escapeHTML(request_url(@info_request)))
- redirect_to play_url
+ flash[:notice] = _('Thank you for updating the status of the request \'<a href="{{url}}">{{info_request_title}}</a>\'. There are some more requests below for you to classify.',:info_request_title=>CGI.escapeHTML(@info_request.title), :url=>CGI.escapeHTML(request_path(@info_request)))
+ redirect_to categorise_play_url
else
flash[:notice] = _('Thank you for updating this request!')
redirect_to request_url(@info_request)
@@ -623,7 +624,7 @@ class RequestController < ApplicationController
if !params[:submitted_followup].nil? && !params[:reedit]
if @info_request.allow_new_responses_from == 'nobody'
- flash[:error] = _('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]
+ flash[:error] = (_('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]).html_safe
else
if @info_request.find_existing_outgoing_message(params[:outgoing_message][:body])
flash[:error] = _('You previously submitted that exact follow up message for this request.')
@@ -743,6 +744,12 @@ class RequestController < ApplicationController
end
def get_attachment_as_html
+
+ # The conversion process can generate files in the cache directory that can be served up
+ # directly by the webserver according to httpd.conf, so don't allow it unless that's OK.
+ if @files_can_be_cached != true
+ raise ActiveRecord::RecordNotFound.new("Attachment HTML not found.")
+ end
get_attachment_internal(true)
# images made during conversion (e.g. images in PDF files) are put in the cache directory, so
@@ -862,22 +869,32 @@ class RequestController < ApplicationController
def download_entire_request
@locale = self.locale_from_params()
PublicBody.with_locale(@locale) do
- info_request = InfoRequest.find_by_url_title!(params[:url_title])
+ @info_request = InfoRequest.find_by_url_title!(params[:url_title])
+ # Test for whole request being hidden or requester-only
+ if !@info_request.all_can_view?
+ render :template => 'request/hidden', :status => 410 # gone
+ return
+ end
if authenticated?(
:web => _("To download the zip file"),
- :email => _("Then you can download a zip file of {{info_request_title}}.",:info_request_title=>info_request.title),
- :email_subject => _("Log in to download a zip file of {{info_request_title}}",:info_request_title=>info_request.title)
+ :email => _("Then you can download a zip file of {{info_request_title}}.",
+ :info_request_title=>@info_request.title),
+ :email_subject => _("Log in to download a zip file of {{info_request_title}}",
+ :info_request_title=>@info_request.title)
)
- updated = Digest::SHA1.hexdigest(info_request.get_last_event.created_at.to_i.to_s + info_request.updated_at.to_i.to_s)
- @url_path = "/download/#{updated[0..1]}/#{updated}/#{params[:url_title]}.zip"
- file_path = File.expand_path(File.join(File.dirname(__FILE__), '../../cache/zips', @url_path))
+ updated = Digest::SHA1.hexdigest(@info_request.get_last_event.created_at.to_i.to_s + @info_request.updated_at.to_i.to_s)
+ @url_path = File.join("/download",
+ request_dirs(@info_request),
+ updated,
+ "#{params[:url_title]}.zip")
+ file_path = File.expand_path(File.join(download_zip_dir(), @url_path))
if !File.exists?(file_path)
FileUtils.mkdir_p(File.dirname(file_path))
Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) { |zipfile|
convert_command = Configuration::html_to_pdf_command
done = false
if !convert_command.blank? && File.exists?(convert_command)
- url = "http://#{Configuration::domain}#{request_url(info_request)}?print_stylesheet=1"
+ url = "http://#{Configuration::domain}#{request_path(@info_request)}?print_stylesheet=1"
tempfile = Tempfile.new('foihtml2pdf')
output = AlaveteliExternalCommand.run(convert_command, url, tempfile.path)
if !output.nil?
@@ -886,22 +903,21 @@ class RequestController < ApplicationController
}
done = true
else
- logger.error("Could not convert info request #{info_request.id} to PDF with command '#{convert_command} #{url} #{tempfile.path}'")
+ logger.error("Could not convert info request #{@info_request.id} to PDF with command '#{convert_command} #{url} #{tempfile.path}'")
end
tempfile.close
else
logger.warn("No HTML -> PDF converter found at #{convert_command}")
end
if !done
- @info_request = info_request
- @info_request_events = info_request.info_request_events
+ @info_request_events = @info_request.info_request_events
template = File.read(File.join(File.dirname(__FILE__), "..", "views", "request", "simple_correspondence.rhtml"))
output = ERB.new(template).result(binding)
zipfile.get_output_stream("correspondence.txt") { |f|
f.puts(output)
}
end
- for message in info_request.incoming_messages
+ for message in @info_request.incoming_messages
attachments = message.get_attachments_for_display
for attachment in attachments
filename = "#{attachment.url_part_number}_#{attachment.display_filename}"
diff --git a/app/controllers/services_controller.rb b/app/controllers/services_controller.rb
index 38bf51772..e75dac903 100644
--- a/app/controllers/services_controller.rb
+++ b/app/controllers/services_controller.rb
@@ -15,7 +15,7 @@ class ServicesController < ApplicationController
FastGettext.locale = FastGettext.best_locale_in(request.env['HTTP_ACCEPT_LANGUAGE'])
if found_country && found_country[:country_name] && found_country[:url] && found_country[:name]
text = _("Hello! You can make Freedom of Information requests within {{country_name}} at {{link_to_website}}",
- :country_name => found_country[:country_name], :link_to_website => "<a href=\"#{found_country[:url]}\">#{found_country[:name]}</a>")
+ :country_name => found_country[:country_name], :link_to_website => "<a href=\"#{found_country[:url]}\">#{found_country[:name]}</a>".html_safe)
else
current_country = WorldFOIWebsites.by_code(iso_country_code)[:country_name]
text = _("Hello! We have an <a href=\"/help/alaveteli?country_name=#{CGI.escape(current_country)}\">important message</a> for visitors outside {{country_name}}", :country_name => current_country)
@@ -25,7 +25,7 @@ class ServicesController < ApplicationController
end
end
if !text.empty?
- text += ' <span class="close-button">X</span>'
+ text += ' <span class="close-button">X</span>'.html_safe
end
render :text => text, :content_type => "text/plain" # XXX workaround the HTML validation in test suite
end
@@ -38,7 +38,7 @@ class ServicesController < ApplicationController
:locals => {:name_to => info_request.user_name,
:name_from => Configuration::contact_name,
:info_request => info_request, :reason => params[:reason],
- :info_request_url => 'http://' + Configuration::domain + request_url(info_request),
+ :info_request_url => 'http://' + Configuration::domain + request_path(info_request),
:site_name => site_name}
end
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index 51e081c88..15da7f327 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -157,7 +157,7 @@ class TrackController < ApplicationController
def atom_feed_internal
@xapian_object = perform_search([InfoRequestEvent], @track_thing.track_query, @track_thing.params[:feed_sortby], nil, 25, 1)
respond_to do |format|
- format.atom { render :template => 'track/atom_feed' }
+ format.atom { render :template => 'track/atom_feed', :content_type => "application/atom+xml" }
format.json { render :json => @xapian_object.results.map { |r| r[:model].json_for_api(true,
lambda { |t| @template.highlight_and_excerpt(t, @xapian_object.words_to_highlight, 150) }
) } }
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 4ee527bae..fc8b6e014 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -422,7 +422,7 @@ class UserController < ApplicationController
ContactMailer.deliver_user_message(
@user,
@recipient_user,
- main_url(user_url(@user)),
+ user_url(@user),
params[:contact][:subject],
params[:contact][:message]
)
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-01 01:34:01 +0000