diff options
Diffstat (limited to 'app/controllers')
20 files changed, 283 insertions, 247 deletions
diff --git a/app/controllers/admin_censor_rule_controller.rb b/app/controllers/admin_censor_rule_controller.rb index d3e9e47d2..6f79b5ba1 100644 --- a/app/controllers/admin_censor_rule_controller.rb +++ b/app/controllers/admin_censor_rule_controller.rb @@ -2,7 +2,7 @@ # For modifying requests. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class AdminCensorRuleController < AdminController def new diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index e90f03187..0bccd3358 100644 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -2,7 +2,7 @@ # All admin controllers are dervied from this. # # Copyright (c) 2009 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'fileutils' @@ -51,7 +51,7 @@ class AdminController < ApplicationController # For administration interface, return display name of authenticated user def admin_current_user - if Configuration::skip_admin_auth + if AlaveteliConfiguration::skip_admin_auth admin_http_auth_user else session[:admin_name] @@ -74,12 +74,12 @@ class AdminController < ApplicationController end def authenticate - if Configuration::skip_admin_auth + if AlaveteliConfiguration::skip_admin_auth session[:using_admin] = 1 return else if session[:using_admin].nil? || session[:admin_name].nil? - if params[:emergency].nil? || Configuration::disable_emergency_user + if params[:emergency].nil? || AlaveteliConfiguration::disable_emergency_user if authenticated?( :web => _("To log into the administrative interface"), :email => _("Then you can log into the administrative interface"), @@ -97,7 +97,7 @@ class AdminController < ApplicationController end else authenticate_or_request_with_http_basic do |user_name, password| - if user_name == Configuration::admin_username && password == Configuration::admin_password + if user_name == AlaveteliConfiguration::admin_username && password == AlaveteliConfiguration::admin_password session[:using_admin] = 1 session[:admin_name] = user_name else diff --git a/app/controllers/admin_general_controller.rb b/app/controllers/admin_general_controller.rb index 800678787..ec5f95eda 100644 --- a/app/controllers/admin_general_controller.rb +++ b/app/controllers/admin_general_controller.rb @@ -2,7 +2,7 @@ # Controller for main admin pages. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class AdminGeneralController < AdminController skip_before_filter :authenticate, :only => :admin_js @@ -134,7 +134,7 @@ class AdminGeneralController < AdminController def debug @admin_current_user = admin_current_user - @current_commit = `git log -1 --format="%H"` + @current_commit = alaveteli_git_commit @current_branch = `git branch | perl -ne 'print $1 if /^\\* (.*)/'` @current_version = `git describe --always --tags` repo = `git remote show origin -n | perl -ne 'print $1 if m{Fetch URL: .*github\\.com[:/](.*)\\.git}'` diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb index 93715d364..078af12f4 100644 --- a/app/controllers/admin_public_body_controller.rb +++ b/app/controllers/admin_public_body_controller.rb @@ -2,7 +2,7 @@ # Controller for editing public bodies from the admin interface. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require "public_body_categories" @@ -23,12 +23,10 @@ class AdminPublicBodyController < AdminController if @page == "" @page = nil end - @public_bodies = PublicBody.paginate :order => "public_body_translations.name", :page => @page, :per_page => 100, - :conditions => @query.nil? ? "public_body_translations.locale = '#{@locale}'" : + @public_bodies = PublicBody.joins(:translations).where(@query.nil? ? "public_body_translations.locale = '#{@locale}'" : ["(lower(public_body_translations.name) like lower('%'||?||'%') or lower(public_body_translations.short_name) like lower('%'||?||'%') or - lower(public_body_translations.request_email) like lower('%'||?||'%' )) AND (public_body_translations.locale = '#{@locale}')", @query, @query, @query], - :joins => :translations + lower(public_body_translations.request_email) like lower('%'||?||'%' )) AND (public_body_translations.locale = '#{@locale}')", @query, @query, @query]).paginate :order => "public_body_translations.name", :page => @page, :per_page => 100 end @public_bodies_by_tag = PublicBody.find_by_tag(@query) end @@ -77,6 +75,9 @@ class AdminPublicBodyController < AdminController @locale = self.locale_from_params() I18n.with_locale(@locale) do @public_body = PublicBody.find(params[:id]) + @info_requests = @public_body.info_requests.paginate :order => "created_at desc", + :page => params[:page], + :per_page => 100 render end end diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index 53055ae32..66989ea93 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb @@ -2,7 +2,7 @@ # Controller for viewing FOI requests from the admin interface. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'ostruct' @@ -14,10 +14,14 @@ class AdminRequestController < AdminController def list @query = params[:query] - @info_requests = InfoRequest.paginate :order => "created_at desc", + if @query + info_requests = InfoRequest.where(["lower(title) like lower('%'||?||'%')", @query]) + else + info_requests = InfoRequest + end + @info_requests = info_requests.paginate :order => "created_at desc", :page => params[:page], - :per_page => 100, - :conditions => @query.nil? ? nil : ["lower(title) like lower('%'||?||'%')", @query] + :per_page => 100 end def show @@ -25,11 +29,11 @@ class AdminRequestController < AdminController # XXX is this *really* the only way to render a template to a # variable, rather than to the response? vars = OpenStruct.new(:name_to => @info_request.user_name, - :name_from => Configuration::contact_name, + :name_from => AlaveteliConfiguration::contact_name, :info_request => @info_request, :reason => params[:reason], - :info_request_url => 'http://' + Configuration::domain + request_path(@info_request), + :info_request_url => 'http://' + AlaveteliConfiguration::domain + request_url(@info_request), :site_name => site_name) - template = File.read(File.join(File.dirname(__FILE__), "..", "views", "admin_request", "hidden_user_explanation.rhtml")) + template = File.read(File.join(File.dirname(__FILE__), "..", "views", "admin_request", "hidden_user_explanation.html.erb")) @request_hidden_user_explanation = ERB.new(template).result(vars.instance_eval { binding }) end @@ -361,11 +365,11 @@ class AdminRequestController < AdminController info_request.save! if ! info_request.is_external? - ContactMailer.deliver_from_admin_message( + ContactMailer.from_admin_message( info_request.user, subject, params[:explanation].strip.html_safe - ) + ).deliver flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name)) else flash[:notice] = _("This external request has been hidden") diff --git a/app/controllers/admin_track_controller.rb b/app/controllers/admin_track_controller.rb index 525c96782..085c9c6cc 100644 --- a/app/controllers/admin_track_controller.rb +++ b/app/controllers/admin_track_controller.rb @@ -2,14 +2,18 @@ # Show email alerts / RSS feeds from admin interface. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class AdminTrackController < AdminController def list @query = params[:query] - @admin_tracks = TrackThing.paginate :order => "created_at desc", :page => params[:page], :per_page => 100, - :conditions => @query.nil? ? nil : ["lower(track_query) like lower('%'||?||'%')", @query ] - @popular = ActiveRecord::Base.connection.select_all("select count(*) as count, title, info_request_id from track_things join info_requests on info_request_id = info_requests.id where info_request_id is not null group by info_request_id, title order by count desc limit 10;") + if @query + track_things = TrackThing.where(["lower(track_query) like lower('%'||?||'%')", @query]) + else + track_things = TrackThing + end + @admin_tracks = track_things.paginate :order => "created_at desc", :page => params[:page], :per_page => 100 + @popular = ActiveRecord::Base.connection.select_all("select count(*) as count, title, info_request_id from track_things join info_requests on info_request_id = info_requests.id where info_request_id is not null group by info_request_id, title order by count desc limit 10;") end private diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb index feffa208e..929b93e0e 100644 --- a/app/controllers/admin_user_controller.rb +++ b/app/controllers/admin_user_controller.rb @@ -2,7 +2,7 @@ # Controller for viewing user accounts from the admin interface. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class AdminUserController < AdminController def index @@ -12,9 +12,13 @@ class AdminUserController < AdminController def list @query = params[:query] - @admin_users = User.paginate :order => "name", :page => params[:page], :per_page => 100, - :conditions => @query.nil? ? nil : ["lower(name) like lower('%'||?||'%') or - lower(email) like lower('%'||?||'%')", @query, @query] + if @query + users = User.where(["lower(name) like lower('%'||?||'%') or + lower(email) like lower('%'||?||'%')", @query, @query]) + else + users = User + end + @admin_users = users.paginate :order => "name", :page => params[:page], :per_page => 100 end def list_banned diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index 5d8ceb888..49b226e4b 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -83,7 +83,7 @@ class ApiController < ApplicationController direction = json["direction"] body = json["body"] - sent_at_str = json["sent_at"] + sent_at = json["sent_at"] errors = [] @@ -107,12 +107,6 @@ class ApiController < ApplicationController errors << "The 'body' is empty" end - begin - sent_at = Time.iso8601(sent_at_str) - rescue ArgumentError - errors << "Failed to parse 'sent_at' field as ISO8601 time: #{sent_at_str}" - end - if direction == "request" && !attachments.nil? errors << "You cannot attach files to messages in the 'request' direction" end @@ -155,7 +149,8 @@ class ApiController < ApplicationController ) end - mail = RequestMailer.create_external_response(request, body, sent_at, attachment_hashes) + mail = RequestMailer.external_response(request, body, sent_at, attachment_hashes) + request.receive(mail, mail.encoded, true) end render :json => { @@ -248,6 +243,6 @@ class ApiController < ApplicationController private def make_url(*args) - "http://" + Configuration::domain + "/" + args.join("/") + "http://" + AlaveteliConfiguration::domain + "/" + args.join("/") end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index f3deeb64a..88b107861 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,30 +5,28 @@ # will be available for all controllers. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'open-uri' class ApplicationController < ActionController::Base class PermissionDenied < StandardError end + class RouteNotFound < StandardError + end + # assign our own handler method for non-local exceptions + rescue_from Exception, :with => :render_exception + # Standard headers, footers and navigation for whole site layout "default" include FastGettext::Translation # make functions like _, n_, N_ etc available) - # Send notification email on exceptions - include ExceptionNotification::Notifiable - # Note: a filter stops the chain if it redirects or renders something before_filter :authentication_check before_filter :set_gettext_locale before_filter :check_in_post_redirect before_filter :session_remember_me before_filter :set_vary_header - before_filter :set_popup_banner - - # scrub sensitive parameters from the logs - filter_parameter_logging :password def set_vary_header response.headers['Vary'] = 'Cookie' @@ -53,19 +51,22 @@ class ApplicationController < ActionController::Base anonymous_cache(24.hours) end + # This is an override of the method provided by gettext_i18n_rails - note the explicit + # setting of I18n.locale, required due to the I18nProxy used in Rails 3 to trigger the + # lookup_context and expire the template cache def set_gettext_locale - if Configuration::include_default_locale_in_urls == false + if AlaveteliConfiguration::include_default_locale_in_urls == false params_locale = params[:locale] ? params[:locale] : I18n.default_locale else params_locale = params[:locale] end - if Configuration::use_default_browser_language + if AlaveteliConfiguration::use_default_browser_language requested_locale = params_locale || session[:locale] || cookies[:locale] || request.env['HTTP_ACCEPT_LANGUAGE'] || I18n.default_locale else requested_locale = params_locale || session[:locale] || cookies[:locale] || I18n.default_locale end requested_locale = FastGettext.best_locale_in(requested_locale) - session[:locale] = FastGettext.set_locale(requested_locale) + session[:locale] = I18n.locale = FastGettext.set_locale(requested_locale) if !@user.nil? if @user.locale != requested_locale @user.locale = session[:locale] @@ -74,9 +75,6 @@ class ApplicationController < ActionController::Base end end - # scrub sensitive parameters from the logs - filter_parameter_logging :password - helper_method :locale_from_params # Help work out which request causes RAM spike. @@ -92,7 +90,7 @@ class ApplicationController < ActionController::Base # egrep "CONSUME MEMORY: [0-9]{7} KB" production.log around_filter :record_memory def record_memory - record_memory = Configuration::debug_record_memory + record_memory = AlaveteliConfiguration::debug_record_memory if record_memory logger.info "Processing request for #{request.url} with Rails process #{Process.pid}" File.read("/proc/#{Process.pid}/status").match(/VmRSS:\s+(\d+)/) @@ -120,52 +118,36 @@ class ApplicationController < ActionController::Base end end - # Override default error handler, for production sites. - def rescue_action_in_public(exception) - # Looks for before_filters called something like `set_view_paths_{themename}`. These - # are set by the themes. - # Normally, this is called by the theme itself in a - # :before_filter, but when there's an error, this doesn't - # happen. By calling it here, we can ensure error pages are - # still styled according to the theme. - ActionController::Base.before_filters.select{|f| f.to_s =~ /set_view_paths/}.each do |f| - self.send(f) - end - # Make sure expiry time for session is set (before_filters are - # otherwise missed by this override) - session_remember_me + def render_exception(exception) - # Make sure the locale is set correctly too - set_gettext_locale + # In development, or the admin interface, or for a local request, let Rails handle the exception + # with its stack trace templates. Local requests in testing are a special case so that we can + # test this method - there we use consider_all_requests_local to control behaviour. + if Rails.application.config.consider_all_requests_local || local_request? || + (request.local? && !Rails.env.test?) + raise exception + end + @exception_backtrace = exception.backtrace.join("\n") + @exception_class = exception.class.to_s + @exception_message = exception.message case exception - when ActiveRecord::RecordNotFound, ActionController::UnknownAction, ActionController::RoutingError + when ActiveRecord::RecordNotFound, RouteNotFound @status = 404 when PermissionDenied @status = 403 else + message = "\n#{@exception_class} (#{@exception_message}):\n" + backtrace = Rails.backtrace_cleaner.clean(exception.backtrace, :silent) + message << " " << backtrace.join("\n ") + Rails.logger.fatal("#{message}\n\n") + ExceptionNotifier::Notifier.exception_notification(request.env, exception).deliver @status = 500 - notify_about_exception exception end - # Display user appropriate error message - @exception_backtrace = exception.backtrace.join("\n") - @exception_class = exception.class.to_s - @exception_message = exception.message - render :template => "general/exception_caught.rhtml", :status => @status - end - - # For development sites. - alias original_rescue_action_locally rescue_action_locally - def rescue_action_locally(exception) - # Make sure expiry time for session is set (before_filters are - # otherwise missed by this override) - session_remember_me - - # Make sure the locale is set correctly too - set_gettext_locale - - # Display default, detailed error for developers - original_rescue_action_locally(exception) + respond_to do |format| + format.html{ render :template => "general/exception_caught", :status => @status } + format.any{ render :nothing => true, :status => @status } + end end def local_request? @@ -175,6 +157,7 @@ class ApplicationController < ActionController::Base # Called from test code, is a mimic of UserController.confirm, for use in following email # links when in controller tests (though we also have full integration tests that # can work over multiple controllers) + # TODO: Move this to the tests. It shouldn't be here def test_code_redirect_by_email_token(token, controller_example_group) post_redirect = PostRedirect.find_by_email_token(token) if post_redirect.nil? @@ -182,7 +165,7 @@ class ApplicationController < ActionController::Base end session[:user_id] = post_redirect.user.id session[:user_circumstance] = post_redirect.circumstance - params = controller_example_group.params_from(:get, post_redirect.local_part_uri) + params = Rails.application.routes.recognize_path(post_redirect.local_part_uri) params.merge(post_redirect.post_params) controller_example_group.get params[:action], params end @@ -258,7 +241,7 @@ class ApplicationController < ActionController::Base # Check the user is logged in def authenticated?(reason_params) unless session[:user_id] - post_redirect = PostRedirect.new(:uri => request.request_uri, :post_params => params, + post_redirect = PostRedirect.new(:uri => request.fullpath, :post_params => params, :reason_params => reason_params) post_redirect.save! # 'modal' controls whether the sign-in form will be displayed in the typical full-blown @@ -346,10 +329,10 @@ class ApplicationController < ActionController::Base # def check_read_only - if !Configuration::read_only.empty? + if !AlaveteliConfiguration::read_only.empty? flash[:notice] = _("<p>{{site_name}} is currently in maintenance. You can only view existing requests. You cannot make new ones, add followups or annotations, or otherwise change the database.</p> <p>{{read_only}}</p>", :site_name => site_name, - :read_only => Configuration::read_only) + :read_only => AlaveteliConfiguration::read_only) redirect_to frontpage_url end @@ -380,12 +363,15 @@ class ApplicationController < ActionController::Base # Peform the search @per_page = per_page - if this_page.nil? - @page = get_search_page_from_params - else - @page = this_page - end - result = InfoRequest.full_search(models, @query, order, ascending, collapse, @per_page, @page) + @page = this_page || get_search_page_from_params + + result = ActsAsXapian::Search.new(models, @query, + :offset => (@page - 1) * @per_page, + :limit => @per_page, + :sort_by_prefix => order, + :sort_by_ascending => ascending, + :collapse_by_prefix => collapse + ) result.results # Touch the results to load them, otherwise accessing them from the view # might fail later if the database has subsequently been reopened. return result @@ -552,16 +538,17 @@ class ApplicationController < ActionController::Base def country_from_ip country = "" - if !Configuration::gaze_url.empty? - country = quietly_try_to_open("#{Configuration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}") + if !AlaveteliConfiguration::gaze_url.empty? + country = quietly_try_to_open("#{AlaveteliConfiguration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}") end - country = Configuration::iso_country_code if country.empty? + country = AlaveteliConfiguration::iso_country_code if country.empty? return country end - def set_popup_banner - @popup_banner = render_to_string(:partial => "general/popup_banner").strip.html_safe + def alaveteli_git_commit + `git log -1 --format="%H"`.strip end + # URL generating functions are needed by all controllers (for redirects), # views (for links) and mailers (for use in emails), so include them into # all of all. diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb index ed249d6cc..d4b17e9d2 100644 --- a/app/controllers/comment_controller.rb +++ b/app/controllers/comment_controller.rb @@ -2,7 +2,7 @@ # Show annotations upon a request or other object. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class CommentController < ApplicationController before_filter :check_read_only, :only => [ :new ] diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb index 0783fc579..540f67ec9 100644 --- a/app/controllers/general_controller.rb +++ b/app/controllers/general_controller.rb @@ -3,14 +3,7 @@ # particular model. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ - -begin - require 'xmlsimple' -rescue LoadError - # Debian maintainers put their xmlsimple in a different location :( - require 'lib/xmlsimple' -end +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'open-uri' @@ -21,7 +14,7 @@ class GeneralController < ApplicationController medium_cache # get some example searches and public bodies to display # either from config, or based on a (slow!) query if not set - body_short_names = Configuration::frontpage_publicbody_examples.split(/\s*;\s*/).map{|s| "'%s'" % s.gsub(/'/, "''") }.join(", ") + body_short_names = AlaveteliConfiguration::frontpage_publicbody_examples.split(/\s*;\s*/).map{|s| "'%s'" % s.gsub(/'/, "''") }.join(", ") @locale = self.locale_from_params() locale_condition = 'public_body_translations.locale = ?' conditions = [locale_condition, @locale] @@ -71,7 +64,7 @@ class GeneralController < ApplicationController def blog medium_cache @feed_autodetect = [] - @feed_url = Configuration::blog_feed + @feed_url = AlaveteliConfiguration::blog_feed separator = @feed_url.include?('?') ? '&' : '?' @feed_url = "#{@feed_url}#{separator}lang=#{self.locale_from_params()}" @blog_items = [] @@ -84,7 +77,7 @@ class GeneralController < ApplicationController @feed_autodetect = [{:url => @feed_url, :title => "#{site_name} blog"}] end end - @twitter_user = Configuration::twitter_username + @twitter_user = AlaveteliConfiguration::twitter_username end # Just does a redirect from ?query= search to /query @@ -109,7 +102,7 @@ class GeneralController < ApplicationController def search # XXX Why is this so complicated with arrays and stuff? Look at the route # in config/routes.rb for comments. - combined = params[:combined] + combined = params[:combined].split("/") @sortby = nil @bodies = @requests = @users = true if combined.size > 0 && (['advanced'].include?(combined[-1])) @@ -154,13 +147,12 @@ class GeneralController < ApplicationController @query, _ = make_query_from_params(params) end @inputted_sortby = @sortby - @common_query = get_tags_from_params(params) if @sortby.nil? # Parse query, so can work out if it has prefix terms only - if so then it is a # structured query which should show newest first, rather than a free text search # where we want most relevant as default. begin - dummy_query = ::ActsAsXapian::Search.new([InfoRequestEvent], @query, :limit => 1) + dummy_query = ActsAsXapian::Search.new([InfoRequestEvent], @query, :limit => 1) rescue => e flash[:error] = "Your query was not quite right. " + CGI.escapeHTML(e.to_str) redirect_to search_url("") @@ -176,10 +168,8 @@ class GeneralController < ApplicationController # Query each type separately for separate display (XXX we are calling # perform_search multiple times and it clobbers per_page for each one, # so set as separate var) - requests_per_page = 25 - if params[:requests_per_page] - requests_per_page = params[:requests_per_page].to_i - end + requests_per_page = params[:requests_per_page] ? params[:requests_per_page].to_i : 25 + @this_page_hits = @total_hits = @xapian_requests_hits = @xapian_bodies_hits = @xapian_users_hits = 0 if @requests @xapian_requests = perform_search([InfoRequestEvent], @query, @sortby, 'request_collapse', requests_per_page) @@ -218,16 +208,19 @@ class GeneralController < ApplicationController @feed_autodetect = [ { :url => do_track_url(@track_thing, 'feed'), :title => @track_thing.params[:title_in_rss], :has_json => true } ] end - # Jump to a random request - def random_request - info_request = InfoRequest.random - redirect_to request_url(info_request) + # Handle requests for non-existent URLs - will be handled by ApplicationController::render_exception + def not_found + raise RouteNotFound end - def custom_css - long_cache - @locale = self.locale_from_params() - render(:layout => false, :content_type => 'text/css') + def version + respond_to do |format| + format.json { render :json => { + :alaveteli_git_commit => alaveteli_git_commit, + :alaveteli_version => ALAVETELI_VERSION, + :ruby_version => RUBY_VERSION + }} + end end end diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index 573abac63..9959df6d8 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb @@ -2,7 +2,7 @@ # Show information about one particular request. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class HelpController < ApplicationController @@ -18,7 +18,7 @@ class HelpController < ApplicationController end def contact - @contact_email = Configuration::contact_email + @contact_email = AlaveteliConfiguration::contact_email # if they clicked remove for link to request/body, remove it if params[:remove] @@ -49,14 +49,14 @@ class HelpController < ApplicationController end @contact = ContactValidator.new(params[:contact]) if @contact.valid? && !params[:remove] - ContactMailer.deliver_to_admin_message( + ContactMailer.to_admin_message( params[:contact][:name], params[:contact][:email], params[:contact][:subject], params[:contact][:message], @user, @last_request, @last_body - ) + ).deliver flash[:notice] = _("Your message has been sent. Thank you for getting in touch! We'll get back to you soon.") redirect_to frontpage_url return diff --git a/app/controllers/holiday_controller.rb b/app/controllers/holiday_controller.rb index 3101c07e3..efc20701d 100644 --- a/app/controllers/holiday_controller.rb +++ b/app/controllers/holiday_controller.rb @@ -2,7 +2,7 @@ # Calculate dates # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class HolidayController < ApplicationController @@ -12,7 +12,7 @@ class HolidayController < ApplicationController def due_date if params[:holiday] @request_date = Date.strptime(params[:holiday]) or raise "Invalid date" - @due_date = Holiday.due_date_from(@request_date, Configuration::reply_late_after_days, Configuration::working_or_calendar_days) + @due_date = Holiday.due_date_from(@request_date, AlaveteliConfiguration::reply_late_after_days, AlaveteliConfiguration::working_or_calendar_days) @skipped = Holiday.all( :conditions => [ 'day >= ? AND day <= ?', @request_date.strftime("%F"), @due_date.strftime("%F") diff --git a/app/controllers/public_body_controller.rb b/app/controllers/public_body_controller.rb index 1821e6725..374866eda 100644 --- a/app/controllers/public_body_controller.rb +++ b/app/controllers/public_body_controller.rb @@ -3,7 +3,7 @@ # Show information about a public body. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'fastercsv' @@ -128,12 +128,12 @@ class PublicBodyController < ApplicationController end end I18n.with_locale(@locale) do - @public_bodies = PublicBody.paginate( - :order => "public_body_translations.name", :page => params[:page], :per_page => 100, - :conditions => conditions, - :joins => :translations + @public_bodies = PublicBody.where(conditions).joins(:translations).order("public_body_translations.name").paginate( + :page => params[:page], :per_page => 100 ) - render :template => "public_body/list" + respond_to do |format| + format.html { render :template => "public_body/list" } + end end end diff --git a/app/controllers/reports_controller.rb b/app/controllers/reports_controller.rb new file mode 100644 index 000000000..a1dd53125 --- /dev/null +++ b/app/controllers/reports_controller.rb @@ -0,0 +1,31 @@ +class ReportsController < ApplicationController + def create + @info_request = InfoRequest.find_by_url_title!(params[:request_id]) + @reason = params[:reason] + @message = params[:message] + if @reason.empty? + flash[:error] = _("Please choose a reason") + render "new" + return + end + + if !authenticated_user + flash[:notice] = _("You need to be logged in to report a request for administrator attention") + elsif @info_request.attention_requested + flash[:notice] = _("This request has already been reported for administrator attention") + else + @info_request.report!(@reason, @message, @user) + flash[:notice] = _("This request has been reported for administrator attention") + end + redirect_to request_url(@info_request) + end + + def new + @info_request = InfoRequest.find_by_url_title!(params[:request_id]) + if authenticated?( + :web => _("To report this request"), + :email => _("Then you can report the request '{{title}}'", :title => @info_request.title), + :email_subject => _("Report an offensive or unsuitable request")) + end + end +end diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index e82871d7b..0c1d9880c 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -1,10 +1,10 @@ +# encoding: UTF-8 # app/controllers/request_controller.rb: # Show information about one particular request. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ -require 'alaveteli_file_types' require 'zip/zip' require 'open-uri' @@ -17,7 +17,7 @@ class RequestController < ApplicationController @@custom_states_loaded = false begin - if ENV["RAILS_ENV"] != "test" + if !Rails.env.test? require 'customstates' include RequestControllerCustomStates @@custom_states_loaded = true @@ -28,7 +28,7 @@ class RequestController < ApplicationController def select_authority # Check whether we force the user to sign in right at the start, or we allow her # to start filling the request anonymously - if Configuration::force_registration_on_new_request && !authenticated?( + if AlaveteliConfiguration::force_registration_on_new_request && !authenticated?( :web => _("To send your FOI request"), :email => _("Then you'll be allowed to send FOI requests."), :email_subject => _("Confirm your email address") @@ -44,7 +44,7 @@ class RequestController < ApplicationController end def show - if !Configuration::varnish_host.blank? + if !AlaveteliConfiguration::varnish_host.blank? # If varnish is set up to accept PURGEs, then cache for a # long time long_cache @@ -67,8 +67,7 @@ class RequestController < ApplicationController # Test for whole request being hidden if !@info_request.user_can_view?(authenticated_user) - render :template => 'request/hidden', :status => 410 # gone - return + return render_hidden end # Other parameters @@ -101,7 +100,7 @@ class RequestController < ApplicationController # ... requests that have similar imporant terms begin limit = 10 - @xapian_similar = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events, + @xapian_similar = ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events, :limit => limit, :collapse_by_prefix => 'request_collapse') @xapian_similar_more = (@xapian_similar.matches_estimated > limit) rescue @@ -126,8 +125,7 @@ class RequestController < ApplicationController long_cache @info_request = InfoRequest.find_by_url_title!(params[:url_title]) if !@info_request.user_can_view?(authenticated_user) - render :template => 'request/hidden', :status => 410 # gone - return + return render_hidden end @columns = ['id', 'event_type', 'created_at', 'described_state', 'last_described_at', 'calculated_state' ] end @@ -146,19 +144,12 @@ class RequestController < ApplicationController raise ActiveRecord::RecordNotFound.new("Request not found") if @info_request.nil? if !@info_request.user_can_view?(authenticated_user) - render :template => 'request/hidden', :status => 410 # gone - return + return render_hidden end - @xapian_object = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events, + @xapian_object = ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events, :offset => (@page - 1) * @per_page, :limit => @per_page, :collapse_by_prefix => 'request_collapse') @matches_estimated = @xapian_object.matches_estimated @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated - - if (@page > 1) - @page_desc = " (page " + @page.to_s + ")" - else - @page_desc = "" - end end def list @@ -242,16 +233,19 @@ class RequestController < ApplicationController # Read parameters in - first the public body (by URL name or id) if params[:url_name] if params[:url_name].match(/^[0-9]+$/) - params[:info_request][:public_body_id] = params[:url_name] + params[:info_request][:public_body] = PublicBody.find(params[:url_name]) else public_body = PublicBody.find_by_url_name_with_historic(params[:url_name]) raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # XXX proper 404 - params[:info_request][:public_body_id] = public_body.id + params[:info_request][:public_body] = public_body end elsif params[:public_body_id] - params[:info_request][:public_body_id] = params[:public_body_id] + params[:info_request][:public_body] = PublicBody.find(params[:public_body_id]) + # Explicitly load the association as this isn't done automatically in newer Rails versions + elsif params[:info_request][:public_body_id] + params[:info_request][:public_body] = PublicBody.find(params[:info_request][:public_body_id]) end - if !params[:info_request][:public_body_id] + if !params[:info_request][:public_body] # compulsory to have a body by here, or go to front page which is start of process redirect_to frontpage_url return @@ -344,7 +338,7 @@ class RequestController < ApplicationController end if !authenticated?( - :web => _("To send your FOI request"), + :web => _("To send your FOI request").to_str, :email => _("Then your FOI request to {{public_body_name}} will be sent.",:public_body_name=>@info_request.public_body.name), :email_subject => _("Confirm your FOI request to ") + @info_request.public_body.name ) @@ -368,8 +362,8 @@ class RequestController < ApplicationController replied by then.</p> <p>If you write about this request (for example in a forum or a blog) please link to this page, and add an annotation below telling people about your writing.</p>",:law_used_full=>@info_request.law_used_full, - :late_number_of_days => Configuration::reply_late_after_days) - redirect_to show_new_request_url(:url_title => @info_request.url_title) + :late_number_of_days => AlaveteliConfiguration::reply_late_after_days) + redirect_to show_new_request_path(:url_title => @info_request.url_title) end # Submitted to the describing state of messages form @@ -417,12 +411,22 @@ class RequestController < ApplicationController end # Make the state change + event = info_request.log_event("status_update", + { :user_id => authenticated_user.id, + :old_described_state => info_request.described_state, + :described_state => described_state, + }) + info_request.set_described_state(described_state, authenticated_user, message) # If you're not the *actual* requester. e.g. you are playing the # classification game, or you're doing this just because you are an # admin user (not because you also own the request). if !info_request.is_actual_owning_user?(authenticated_user) + # Create a classification event for league tables + RequestClassification.create!(:user_id => authenticated_user.id, + :info_request_event_id => event.id) + # Don't give advice on what to do next, as it isn't their request if session[:request_game] flash[:notice] = _('Thank you for updating the status of the request \'<a href="{{url}}">{{info_request_title}}</a>\'. There are some more requests below for you to classify.',:info_request_title=>CGI.escapeHTML(info_request.title), :url=>CGI.escapeHTML(request_path(info_request))) @@ -434,6 +438,7 @@ class RequestController < ApplicationController return end + calculated_status = info_request.calculate_status # Display advice for requester on what to do next, as appropriate flash[:notice] = case info_request.calculate_status when 'waiting_response' @@ -442,7 +447,7 @@ class RequestController < ApplicationController when 'waiting_response_overdue' _("<p>Thank you! Hope you don't have to wait much longer.</p> <p>By law, you should have got a response promptly, and normally before the end of <strong>{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>simple_date(info_request.date_response_required_by)) when 'waiting_response_very_overdue' - _("<p>Thank you! Your request is long overdue, by more than {{very_late_number_of_days}} working days. Most requests should be answered within {{late_number_of_days}} working days. You might like to complain about this, see below.</p>", :very_late_number_of_days => Configuration::reply_very_late_after_days, :late_number_of_days => Configuration::reply_late_after_days) + _("<p>Thank you! Your request is long overdue, by more than {{very_late_number_of_days}} working days. Most requests should be answered within {{late_number_of_days}} working days. You might like to complain about this, see below.</p>", :very_late_number_of_days => AlaveteliConfiguration::reply_very_late_after_days, :late_number_of_days => AlaveteliConfiguration::reply_late_after_days) when 'not_held' _("<p>Thank you! Here are some ideas on what to do next:</p> <ul> @@ -460,15 +465,25 @@ class RequestController < ApplicationController when 'rejected' _("Oh no! Sorry to hear that your request was refused. Here is what to do now.") when 'successful' - _("<p>We're glad you got all the information that you wanted. If you write about or make use of the information, please come back and add an annotation below saying what you did.</p><p>If you found {{site_name}} useful, <a href=\"{{donation_url}}\">make a donation</a> to the charity which runs it.</p>", :site_name=>site_name, :donation_url => "http://www.mysociety.org/donate/") + if AlaveteliConfiguration::donation_url.blank? + _("<p>We're glad you got all the information that you wanted. If you write about or make use of the information, please come back and add an annotation below saying what you did.</p>") + else + _("<p>We're glad you got all the information that you wanted. If you write about or make use of the information, please come back and add an annotation below saying what you did.</p><p>If you found {{site_name}} useful, <a href=\"{{donation_url}}\">make a donation</a> to the charity which runs it.</p>", + :site_name => site_name, :donation_url => AlaveteliConfiguration::donation_url) + end when 'partially_successful' - _("<p>We're glad you got some of the information that you wanted. If you found {{site_name}} useful, <a href=\"{{donation_url}}\">make a donation</a> to the charity which runs it.</p><p>If you want to try and get the rest of the information, here's what to do now.</p>", :site_name=>site_name, :donation_url=>"http://www.mysociety.org/donate/") + if AlaveteliConfiguration::donation_url.blank? + _("<p>We're glad you got some of the information that you wanted.</p><p>If you want to try and get the rest of the information, here's what to do now.</p>") + else + _("<p>We're glad you got some of the information that you wanted. If you found {{site_name}} useful, <a href=\"{{donation_url}}\">make a donation</a> to the charity which runs it.</p><p>If you want to try and get the rest of the information, here's what to do now.</p>", + :site_name => site_name, :donation_url => AlaveteliConfiguration::donation_url) + end when 'waiting_clarification' _("Please write your follow up message containing the necessary clarifications below.") when 'gone_postal' nil when 'internal_review' - _("<p>Thank you! Hopefully your wait isn't too long.</p><p>You should get a response within {{late_number_of_days}} days, or be told if it will take longer (<a href=\"{{review_url}}\">details</a>).</p>",:late_number_of_days => Configuration.reply_late_after_days, :review_url => unhappy_url(info_request) + "#internal_review") + _("<p>Thank you! Hopefully your wait isn't too long.</p><p>You should get a response within {{late_number_of_days}} days, or be told if it will take longer (<a href=\"{{review_url}}\">details</a>).</p>",:late_number_of_days => AlaveteliConfiguration.reply_late_after_days, :review_url => unhappy_url(info_request) + "#internal_review") when 'error_message', 'requires_admin' _("Thank you! We'll look into what happened and try and fix it up.") when 'user_withdrawn' @@ -560,10 +575,7 @@ class RequestController < ApplicationController end - params_outgoing_message = params[:outgoing_message] - if params_outgoing_message.nil? - params_outgoing_message = {} - end + params_outgoing_message = params[:outgoing_message] ? params[:outgoing_message].clone : {} params_outgoing_message.merge!({ :status => 'ready', :message_type => 'followup', @@ -586,8 +598,7 @@ class RequestController < ApplicationController # Test for hidden requests if !authenticated_user.nil? && !@info_request.user_can_view?(authenticated_user) - render :template => 'request/hidden', :status => 410 # gone - return + return render_hidden end # Check address is good @@ -670,7 +681,7 @@ class RequestController < ApplicationController raise ActiveRecord::RecordNotFound.new("Message not found") if incoming_message.nil? if !incoming_message.info_request.user_can_view?(authenticated_user) @info_request = incoming_message.info_request # used by view - render :template => 'request/hidden', :status => 410 # gone + return render_hidden end # Is this a completely public request that we can cache attachments for # to be served up without authentication? @@ -679,25 +690,6 @@ class RequestController < ApplicationController end end - def report_request - info_request = InfoRequest.find_by_url_title!(params[:url_title]) - return if !authenticated?( - :web => _("To report this FOI request"), - :email => _("Then you can report the request '{{title}}'", :title => info_request.title), - :email_subject => _("Report an offensive or unsuitable request") - ) - - if !info_request.attention_requested - info_request.set_described_state('attention_requested', @user) - info_request.attention_requested = true # tells us if attention has ever been requested - info_request.save! - flash[:notice] = _("This request has been reported for administrator attention") - else - flash[:notice] = _("This request has already been reported for administrator attention") - end - redirect_to request_url(info_request) - end - # special caching code so mime types are handled right around_filter :cache_attachments, :only => [ :get_attachment, :get_attachment_as_html ] def cache_attachments @@ -708,16 +700,19 @@ class RequestController < ApplicationController key_path = foi_fragment_cache_path(key) if foi_fragment_cache_exists?(key_path) logger.info("Reading cache for #{key_path}") - raise PermissionDenied.new("Directory listing not allowed") if File.directory?(key_path) - cached = foi_fragment_cache_read(key_path) - response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream' - render_for_text(cached) + + if File.directory?(key_path) + render :text => "Directory listing not allowed", :status => 403 + else + render :text => foi_fragment_cache_read(key_path), + :content_type => (AlaveteliFileTypes.filename_to_mimetype(params[:file_name]) || 'application/octet-stream') + end return end yield - if params[:skip_cache].nil? + if params[:skip_cache].nil? && response.status == 200 # write it to the fileystem ourselves, so is just a plain file. (The # various fragment cache functions using Ruby Marshall to write the file # which adds a header, so isnt compatible with images that have been @@ -732,13 +727,14 @@ class RequestController < ApplicationController def get_attachment get_attachment_internal(false) + return unless @attachment # Prevent spam to magic request address. Note that the binary # subsitution method used depends on the content type @incoming_message.binary_mask_stuff!(@attachment.body, @attachment.content_type) # we don't use @attachment.content_type here, as we want same mime type when cached in cache_attachments above - response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream' + response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name]) || 'application/octet-stream' render :text => @attachment.body end @@ -751,6 +747,7 @@ class RequestController < ApplicationController raise ActiveRecord::RecordNotFound.new("Attachment HTML not found.") end get_attachment_internal(true) + return unless @attachment # images made during conversion (e.g. images in PDF files) are put in the cache directory, so # the same cache code in cache_attachments above will display them. @@ -788,7 +785,7 @@ class RequestController < ApplicationController raise ActiveRecord::RecordNotFound.new(message) end @part_number = params[:part].to_i - @filename = params[:file_name].join("/") + @filename = params[:file_name] if html_conversion @original_filename = @filename.gsub(/\.html$/, "") else @@ -797,8 +794,11 @@ class RequestController < ApplicationController # check permissions raise "internal error, pre-auth filter should have caught this" if !@info_request.user_can_view?(authenticated_user) - @attachment = IncomingMessage.get_attachment_by_url_part_number(@incoming_message.get_attachments_for_display, @part_number) - raise ActiveRecord::RecordNotFound.new("attachment not found part number " + @part_number.to_s + " incoming_message " + @incoming_message.id.to_s) if @attachment.nil? + @attachment = IncomingMessage.get_attachment_by_url_part_number_and_filename(@incoming_message.get_attachments_for_display, @part_number, @original_filename) + # If we can't find the right attachment, redirect to the incoming message: + unless @attachment + return redirect_to incoming_message_url(@incoming_message), :status => 303 + end # check filename in URL matches that in database (use a censor rule if you want to change a filename) raise ActiveRecord::RecordNotFound.new("please use same filename as original file has, display: '" + @attachment.display_filename + "' old_display: '" + @attachment.old_display_filename + "' original: '" + @original_filename + "'") if @attachment.display_filename != @original_filename && @attachment.old_display_filename != @original_filename @@ -849,7 +849,8 @@ class RequestController < ApplicationController return end - mail = RequestMailer.create_fake_response(@info_request, @user, body, file_name, file_content) + mail = RequestMailer.fake_response(@info_request, @user, body, file_name, file_content) + @info_request.receive(mail, mail.encoded, true) flash[:notice] = _("Thank you for responding to this FOI request! Your response has been published below, and a link to your response has been emailed to ") + CGI.escapeHTML(@info_request.user.name) + "." redirect_to request_url(@info_request) @@ -863,7 +864,7 @@ class RequestController < ApplicationController # by making the last work a wildcard, which is quite the same query = params[:q] @xapian_requests = perform_search_typeahead(query, InfoRequestEvent) - render :partial => "request/search_ahead.rhtml" + render :partial => "request/search_ahead" end def download_entire_request @@ -872,8 +873,7 @@ class RequestController < ApplicationController @info_request = InfoRequest.find_by_url_title!(params[:url_title]) # Test for whole request being hidden or requester-only if !@info_request.all_can_view? - render :template => 'request/hidden', :status => 410 # gone - return + return render_hidden end if authenticated?( :web => _("To download the zip file"), @@ -891,10 +891,10 @@ class RequestController < ApplicationController if !File.exists?(file_path) FileUtils.mkdir_p(File.dirname(file_path)) Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) { |zipfile| - convert_command = Configuration::html_to_pdf_command + convert_command = AlaveteliConfiguration::html_to_pdf_command done = false if !convert_command.blank? && File.exists?(convert_command) - url = "http://#{Configuration::domain}#{request_path(@info_request)}?print_stylesheet=1" + url = "http://#{AlaveteliConfiguration::domain}#{request_path(@info_request)}?print_stylesheet=1" tempfile = Tempfile.new('foihtml2pdf') output = AlaveteliExternalCommand.run(convert_command, url, tempfile.path) if !output.nil? @@ -911,7 +911,7 @@ class RequestController < ApplicationController end if !done @info_request_events = @info_request.info_request_events - template = File.read(File.join(File.dirname(__FILE__), "..", "views", "request", "simple_correspondence.rhtml")) + template = File.read(File.join(File.dirname(__FILE__), "..", "views", "request", "simple_correspondence.html.erb")) output = ERB.new(template).result(binding) zipfile.get_output_stream("correspondence.txt") { |f| f.puts(output) @@ -933,5 +933,17 @@ class RequestController < ApplicationController end end end + + private + + def render_hidden + respond_to do |format| + response_code = 410 # gone + format.html{ render :template => 'request/hidden', :status => response_code } + format.any{ render :nothing => true, :status => response_code } + end + false + end + end diff --git a/app/controllers/request_game_controller.rb b/app/controllers/request_game_controller.rb index 4b6f02970..6eac399ac 100644 --- a/app/controllers/request_game_controller.rb +++ b/app/controllers/request_game_controller.rb @@ -2,7 +2,7 @@ # The 'categorise old requests' game # # Copyright (c) 2009 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class RequestGameController < ApplicationController diff --git a/app/controllers/services_controller.rb b/app/controllers/services_controller.rb index e75dac903..11ed4ac8f 100644 --- a/app/controllers/services_controller.rb +++ b/app/controllers/services_controller.rb @@ -6,7 +6,7 @@ class ServicesController < ApplicationController def other_country_message text = "" - iso_country_code = Configuration::iso_country_code.downcase + iso_country_code = AlaveteliConfiguration::iso_country_code.downcase if country_from_ip.downcase != iso_country_code found_country = WorldFOIWebsites.by_code(country_from_ip) @@ -36,9 +36,9 @@ class ServicesController < ApplicationController :content_type => "text/plain", :layout => false, :locals => {:name_to => info_request.user_name, - :name_from => Configuration::contact_name, + :name_from => AlaveteliConfiguration::contact_name, :info_request => info_request, :reason => params[:reason], - :info_request_url => 'http://' + Configuration::domain + request_path(info_request), + :info_request_url => 'http://' + AlaveteliConfiguration::domain + request_path(info_request), :site_name => site_name} end diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb index 15da7f327..40fa69290 100644 --- a/app/controllers/track_controller.rb +++ b/app/controllers/track_controller.rb @@ -3,7 +3,7 @@ # social bookmarking. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class TrackController < ApplicationController @@ -80,10 +80,7 @@ class TrackController < ApplicationController # Track a search term def track_search_query - # XXX should be better thing in rails routes than having to do this - # join just to get / and . to work in a query. - query_array = params[:query_array] - @query = query_array.join("/") + @query = params[:query_array] # XXX more hackery to make alternate formats still work with query_array if /^(.*)\.json$/.match(@query) @@ -156,11 +153,14 @@ class TrackController < ApplicationController def atom_feed_internal @xapian_object = perform_search([InfoRequestEvent], @track_thing.track_query, @track_thing.params[:feed_sortby], nil, 25, 1) + # We're assuming that a request to a feed url with no format suffix wants atom/xml + # so set that as the default, regardless of content negotiation + request.format = 'xml' unless params[:format] respond_to do |format| - format.atom { render :template => 'track/atom_feed', :content_type => "application/atom+xml" } format.json { render :json => @xapian_object.results.map { |r| r[:model].json_for_api(true, - lambda { |t| @template.highlight_and_excerpt(t, @xapian_object.words_to_highlight, 150) } + lambda { |t| view_context.highlight_and_excerpt(t, @xapian_object.words_to_highlight, 150) } ) } } + format.any { render :template => 'track/atom_feed.atom', :layout => false, :content_type => 'application/atom+xml' } end end diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index fc8b6e014..175425280 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -2,7 +2,7 @@ # Show information about a user. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'set' @@ -19,8 +19,8 @@ class UserController < ApplicationController # Show page about a user def show long_cache - if MySociety::Format.simplify_url_part(params[:url_name], 'user', 32) != params[:url_name] - redirect_to :url_name => MySociety::Format.simplify_url_part(params[:url_name], 'user', 32), :status => :moved_permanently + if MySociety::Format.simplify_url_part(params[:url_name], 'user') != params[:url_name] + redirect_to :url_name => MySociety::Format.simplify_url_part(params[:url_name], 'user'), :status => :moved_permanently return end if params[:view].nil? @@ -119,7 +119,11 @@ class UserController < ApplicationController @track_things = TrackThing.find(:all, :conditions => ["tracking_user_id = ? and track_medium = ?", @display_user.id, 'email_daily'], :order => 'created_at desc') for track_thing in @track_things # XXX factor out of track_mailer.rb - xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 20, 1) + xapian_object = ActsAsXapian::Search.new([InfoRequestEvent], track_thing.track_query, + :sort_by_prefix => 'described_at', + :sort_by_ascending => true, + :collapse_by_prefix => nil, + :limit => 20) feed_results += xapian_object.results.map {|x| x[:model]} end end @@ -136,7 +140,7 @@ class UserController < ApplicationController # Login form def signin work_out_post_redirect - @request_from_foreign_country = country_from_ip != Configuration::iso_country_code + @request_from_foreign_country = country_from_ip != AlaveteliConfiguration::iso_country_code # make sure we have cookies if session.instance_variable_get(:@dbman) if not session.instance_variable_get(:@dbman).instance_variable_get(:@original) @@ -190,7 +194,7 @@ class UserController < ApplicationController # Create new account form def signup work_out_post_redirect - @request_from_foreign_country = country_from_ip != Configuration::iso_country_code + @request_from_foreign_country = country_from_ip != AlaveteliConfiguration::iso_country_code # Make the user and try to save it @user_signup = User.new(params[:user_signup]) error = false @@ -222,7 +226,7 @@ class UserController < ApplicationController post_redirect = PostRedirect.find_by_email_token(params[:email_token]) if post_redirect.nil? - render :template => 'user/bad_token.rhtml' + render :template => 'user/bad_token' return end @@ -288,7 +292,7 @@ class UserController < ApplicationController post_redirect.user = user_signchangepassword post_redirect.save! url = confirm_url(:email_token => post_redirect.email_token) - UserMailer.deliver_confirm_login(user_signchangepassword, post_redirect.reason_params, url) + UserMailer.confirm_login(user_signchangepassword, post_redirect.reason_params, url).deliver else # User not found, but still show confirm page to not leak fact user exists end @@ -352,7 +356,7 @@ class UserController < ApplicationController # if new email already in use, send email there saying what happened user_alreadyexists = User.find_user_by_email(@signchangeemail.new_email) if user_alreadyexists - UserMailer.deliver_changeemail_already_used(@user.email, @signchangeemail.new_email) + UserMailer.changeemail_already_used(@user.email, @signchangeemail.new_email).deliver # it is important this screen looks the same as the one below, so # you can't change to someone's email in order to tell if they are # registered with that email on the site @@ -373,7 +377,7 @@ class UserController < ApplicationController post_redirect.save! url = confirm_url(:email_token => post_redirect.email_token) - UserMailer.deliver_changeemail_confirm(@user, @signchangeemail.new_email, url) + UserMailer.changeemail_confirm(@user, @signchangeemail.new_email, url).deliver # it is important this screen looks the same as the one above, so # you can't change to someone's email in order to tell if they are # registered with that email on the site @@ -419,13 +423,13 @@ class UserController < ApplicationController params[:contact][:email] = @user.email @contact = ContactValidator.new(params[:contact]) if @contact.valid? - ContactMailer.deliver_user_message( + ContactMailer.user_message( @user, @recipient_user, user_url(@user), params[:contact][:subject], params[:contact][:message] - ) + ).deliver flash[:notice] = _("Your message to {{recipient_user_name}} has been sent!",:recipient_user_name=>CGI.escapeHTML(@recipient_user.name)) redirect_to user_url(@recipient_user) return @@ -465,7 +469,7 @@ class UserController < ApplicationController @draft_profile_photo = ProfilePhoto.new(:data => file_content, :draft => true) if !@draft_profile_photo.valid? # error page (uses @profile_photo's error fields in view to show errors) - render :template => 'user/set_draft_profile_photo.rhtml' + render :template => 'user/set_draft_profile_photo' return end @draft_profile_photo.save @@ -480,7 +484,7 @@ class UserController < ApplicationController return end - render :template => 'user/set_crop_profile_photo.rhtml' + render :template => 'user/set_crop_profile_photo' return elsif !params[:submitted_crop_profile_photo].nil? # crop the draft photo according to jquery parameters and set it as the users photo @@ -499,7 +503,7 @@ class UserController < ApplicationController redirect_to set_profile_about_me_url() end else - render :template => 'user/set_draft_profile_photo.rhtml' + render :template => 'user/set_draft_profile_photo' end end @@ -527,11 +531,12 @@ class UserController < ApplicationController def get_draft_profile_photo profile_photo = ProfilePhoto.find(params[:id]) response.content_type = "image/png" - render_for_text(profile_photo.data) + render :text => profile_photo.data end # actual profile photo of a user def get_profile_photo + long_cache @display_user = User.find(:first, :conditions => [ "url_name = ? and email_confirmed = ?", params[:url_name], true ]) if !@display_user raise ActiveRecord::RecordNotFound.new("user not found, url_name=" + params[:url_name]) @@ -542,7 +547,7 @@ class UserController < ApplicationController end response.content_type = "image/png" - render_for_text(@display_user.profile_photo.data) + render :text => @display_user.profile_photo.data end # Change about me text on your profile page @@ -631,7 +636,7 @@ class UserController < ApplicationController post_redirect.save! url = confirm_url(:email_token => post_redirect.email_token) - UserMailer.deliver_confirm_login(user, post_redirect.reason_params, url) + UserMailer.confirm_login(user, post_redirect.reason_params, url).deliver render :action => 'confirm' end @@ -642,7 +647,7 @@ class UserController < ApplicationController post_redirect.save! url = confirm_url(:email_token => post_redirect.email_token) - UserMailer.deliver_already_registered(user, post_redirect.reason_params, url) + UserMailer.already_registered(user, post_redirect.reason_params, url).deliver render :action => 'confirm' # must be same as for send_confirmation_mail above to avoid leak of presence of email in db end |