Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/application.rb | 25 | ||||
-rw-r--r-- | app/controllers/request_controller.rb | 25 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 10 |
3 files changed, 48 insertions, 12 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb index cf5ca0db8..c997a356d 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -6,7 +6,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: application.rb,v 1.23 2007-11-05 16:46:10 francis Exp $ +# $Id: application.rb,v 1.24 2007-11-19 12:36:57 francis Exp $ class ApplicationController < ActionController::Base @@ -20,7 +20,7 @@ class ApplicationController < ActionController::Base # Check the user is logged in def authenticated?(reason_params) - unless session[:user] + unless session[:user_id] post_redirect = PostRedirect.new(:uri => request.request_uri, :post_params => params, :reason_params => reason_params) post_redirect.save! @@ -30,9 +30,26 @@ class ApplicationController < ActionController::Base return true end + def authenticated_as_user?(user, reason_params) + reason_params[:user_name] = user.name + reason_params[:user_url] = show_user_url(:simple_name => simplify_url_part(user.name)) + if session[:user_id] + if session[:user_id] == user.id + # They are logged in as the right user + return true + else + # They are already logged in, but as the wrong user + @reason_params = reason_params + render 'user/wrong_user' + end + end + # They are not logged in at all + return authenticated?(reason_params) + end + # Return logged in user def authenticated_user - return User.find(session[:user]) + return User.find(session[:user_id]) end # Do a POST redirect. This is a nasty hack - we store the posted values in @@ -61,7 +78,7 @@ class ApplicationController < ActionController::Base # Default layout shows user in corner, so needs access to it before_filter :authentication_check def authentication_check - if session[:user] + if session[:user_id] @user = authenticated_user end end 
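Review bot: In `authenticated_as_user?`, the wrong-user branch calls `render 'user/wrong_user'` but does not return, so control falls through to `return authenticated?(reason_params)`. Because `session[:user_id]` is set at that point, `authenticated?` appears to skip its redirect block and reach its `return true`, which tells the caller that someone signed in as a different user is authorised. Add `return false` directly after the render line so the ownership check fails closed; the new `classify` action in request_controller.rb relies on this return value to gate access to a request's correspondence. Separately, assigning `reason_params[:user_name]` and `reason_params[:user_url]` mutates the caller's hash, which `reason_params = reason_params.merge(...)` would avoid.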
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 1a1b2be90..818545c05 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: request_controller.rb,v 1.16 2007-11-14 01:01:38 francis Exp $ +# $Id: request_controller.rb,v 1.17 2007-11-19 12:36:57 francis Exp $ class RequestController < ApplicationController @@ -44,7 +44,7 @@ class RequestController < ApplicationController if not @info_request.valid? render :action => 'new' elsif authenticated?( - :web => "To send your FOI request, please sign in or make a new account.", + :web => "To send your FOI request", :email => "Then your FOI request to " + @info_request.public_body.name + " will be sent.", :email_subject => "Confirm that you want to send an FOI request to " + @info_request.public_body.name ) @@ -56,7 +56,26 @@ class RequestController < ApplicationController else # do nothing - as "authenticated?" has done the redirect to signin page for us end - end + end + + # Did the incoming message contain info? + def classify + @info_request = InfoRequest.find(params[:id]) + + if authenticated_as_user?(@info_request.user, + :web => "To view and classify the response to this FOI request", + :email => "Then you can classify the FOI response you have got from " + @info_request.public_body.name + ".", + :email_subject => "Classify a response from " + @info_request.public_body.name + " to your FOI request" + ) + @correspondences = @info_request.outgoing_messages + @info_request.incoming_messages + @correspondences.sort! { |a,b| a.sent_at <=> b.sent_at } + @status = @info_request.calculate_status + else + # do nothing - as "authenticated?" has done the redirect to signin page for us + end + + end + private 
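Review bot: The `else` comment in `classify` was copied from `new` and does not describe the wrong-user case, where `authenticated_as_user?` renders `user/wrong_user` instead of redirecting to sign-in; suggest `# do nothing - authenticated_as_user? has already redirected to sign-in or rendered user/wrong_user`. The leading comment `# Did the incoming message contain info?` reads as a question about the data, not a description of the action; a line such as `# Show a request's correspondence to its owner so they can classify the response` would state both what the action does and who may use it.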
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 72693be1e..cf412c473 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: user_controller.rb,v 1.18 2007-11-09 01:48:36 francis Exp $ +# $Id: user_controller.rb,v 1.19 2007-11-19 12:36:57 francis Exp $ class UserController < ApplicationController # XXX See controllers/application.rb simplify_url_part for reverse of expression in SQL below @@ -33,7 +33,7 @@ class UserController < ApplicationController else # Successful login if @user.email_confirmed - session[:user] = @user.id + session[:user_id] = @user.id do_post_redirect @post_redirect.uri, @post_redirect.post_params else send_confirmation_mail @@ -79,14 +79,14 @@ class UserController < ApplicationController @user.email_confirmed = true @user.save - session[:user] = @user.id + session[:user_id] = @user.id do_post_redirect post_redirect.uri, post_redirect.post_params end # Logout form def signout - session[:user] = nil + session[:user_id] = nil if params[:r] redirect_to params[:r] else @@ -107,7 +107,7 @@ class UserController < ApplicationController if params[:r] @post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {}, :reason_params => { - :web => "Please sign in or make a new account.", + :web => "", :email => "Then your can sign in to GovernmentSpy.", :email_subject => "Confirm your account on GovernmentSpy" }) |
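Review bot: Both places that write `session[:user_id] = @user.id` (the successful-login branch in this hunk and the confirmation path in the next one) keep using the pre-login session, so a session identifier fixed before sign-in stays valid afterwards. Calling `reset_session` immediately before the assignment gives the user a fresh session at each privilege change. The same applies to `signout`, where `session[:user_id] = nil` leaves every other session key in place and `reset_session` would clear the whole session. The enclosing methods start outside these hunks, so confirm that nothing they read later is kept in the session before adding the reset.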
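Review bot: `signout` passes `params[:r]` straight to `redirect_to`, and the last hunk stores the same parameter as the `PostRedirect` `:uri`, so a link to this site can forward the visitor to an arbitrary external address after sign-out or, in what looks like the sign-in flow, after authentication. Accept the value only when it is a local path, e.g. `if params[:r] && params[:r] =~ %r{\A/(?![/\\])}`, and take the existing `else` branch otherwise; apply the same check before building the `PostRedirect`. Both lines are unchanged context in this commit, and the surrounding methods continue outside the hunks.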