Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin_public_body_controller.rb16
-rw-r--r--app/controllers/admin_request_controller.rb10
-rw-r--r--app/controllers/admin_track_controller.rb8
-rw-r--r--app/controllers/admin_user_controller.rb10
-rw-r--r--app/controllers/api_controller.rb32
-rw-r--r--app/controllers/application_controller.rb34
-rw-r--r--app/controllers/general_controller.rb4
-rw-r--r--app/controllers/public_body_controller.rb12
-rw-r--r--app/controllers/request_controller.rb45
-rw-r--r--app/controllers/track_controller.rb4
10 files changed, 111 insertions, 64 deletions
diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb
index ac12e97b2..079022777 100644
--- a/app/controllers/admin_public_body_controller.rb
+++ b/app/controllers/admin_public_body_controller.rb
@@ -14,7 +14,7 @@ class AdminPublicBodyController < AdminController
def _lookup_query_internal
@locale = self.locale_from_params()
- PublicBody.with_locale(@locale) do
+ I18n.with_locale(@locale) do
@query = params[:query]
if @query == ""
@query = nil
@@ -23,12 +23,10 @@ class AdminPublicBodyController < AdminController
if @page == ""
@page = nil
end
- @public_bodies = PublicBody.paginate :order => "public_body_translations.name", :page => @page, :per_page => 100,
- :conditions => @query.nil? ? "public_body_translations.locale = '#{@locale}'" :
+ @public_bodies = PublicBody.joins(:translations).where(@query.nil? ? "public_body_translations.locale = '#{@locale}'" :
["(lower(public_body_translations.name) like lower('%'||?||'%') or
lower(public_body_translations.short_name) like lower('%'||?||'%') or
- lower(public_body_translations.request_email) like lower('%'||?||'%' )) AND (public_body_translations.locale = '#{@locale}')", @query, @query, @query],
- :joins => :translations
+ lower(public_body_translations.request_email) like lower('%'||?||'%' )) AND (public_body_translations.locale = '#{@locale}')", @query, @query, @query]).paginate :order => "public_body_translations.name", :page => @page, :per_page => 100
end
@public_bodies_by_tag = PublicBody.find_by_tag(@query)
end
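Review bot: The rewritten `where(...)` call still interpolates `@locale` into both SQL fragments (`"public_body_translations.locale = '#{@locale}'"`), while the search text beside it is bound with `?`. `@locale` comes from `locale_from_params`, whose validation is not visible in this hunk, so it should be bound as well: `["public_body_translations.locale = ?", @locale]` for the no-query branch, and a fourth `?` with `@locale` appended to the bind list for the search branch. `general_controller.rb` in this same diff already uses `'public_body_translations.locale = ?'` with a bind value, so this would also make the two controllers consistent. `_lookup_query_internal` starts in the previous hunk.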
@@ -75,7 +73,7 @@ class AdminPublicBodyController < AdminController
def show
@locale = self.locale_from_params()
- PublicBody.with_locale(@locale) do
+ I18n.with_locale(@locale) do
@public_body = PublicBody.find(params[:id])
render
end
@@ -87,7 +85,7 @@ class AdminPublicBodyController < AdminController
end
def create
- PublicBody.with_locale(I18n.default_locale) do
+ I18n.with_locale(I18n.default_locale) do
params[:public_body][:last_edit_editor] = admin_current_user()
@public_body = PublicBody.new(params[:public_body])
if @public_body.save
@@ -106,7 +104,7 @@ class AdminPublicBodyController < AdminController
end
def update
- PublicBody.with_locale(I18n.default_locale) do
+ I18n.with_locale(I18n.default_locale) do
params[:public_body][:last_edit_editor] = admin_current_user()
@public_body = PublicBody.find(params[:id])
if @public_body.update_attributes(params[:public_body])
@@ -120,7 +118,7 @@ class AdminPublicBodyController < AdminController
def destroy
@locale = self.locale_from_params()
- PublicBody.with_locale(@locale) do
+ I18n.with_locale(@locale) do
public_body = PublicBody.find(params[:id])
if public_body.info_requests.size > 0
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb
index e39d55c7c..9f94b41b2 100644
--- a/app/controllers/admin_request_controller.rb
+++ b/app/controllers/admin_request_controller.rb
@@ -14,10 +14,14 @@ class AdminRequestController < AdminController
def list
@query = params[:query]
- @info_requests = InfoRequest.paginate :order => "created_at desc",
+ if @query
+ info_requests = InfoRequest.where(["lower(title) like lower('%'||?||'%')", @query])
+ else
+ info_requests = InfoRequest.all
+ end
+ @info_requests = info_requests.paginate :order => "created_at desc",
:page => params[:page],
- :per_page => 100,
- :conditions => @query.nil? ? nil : ["lower(title) like lower('%'||?||'%')", @query]
+ :per_page => 100
end
def list_old_unclassified
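Review bot: In the `else` branch, `InfoRequest.all` returns a loaded Array under Rails 3 (the upgrade that the FIXME in `application_controller.rb` refers to), so the unfiltered admin list would read every row into memory before `paginate` runs. The `:order => "created_at desc"` option is also unlikely to be applied to an Array. Assigning a relation keeps the work in the database, e.g. `info_requests = InfoRequest.scoped`, or chain `.order("created_at desc")` before `paginate`. The same pattern appears in the `list` hunks of `admin_track_controller.rb` (`TrackThing.all`) and `admin_user_controller.rb` (`User.all`).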
diff --git a/app/controllers/admin_track_controller.rb b/app/controllers/admin_track_controller.rb
index 03217da45..3b75c4f7b 100644
--- a/app/controllers/admin_track_controller.rb
+++ b/app/controllers/admin_track_controller.rb
@@ -7,8 +7,12 @@
class AdminTrackController < AdminController
def list
@query = params[:query]
- @admin_tracks = TrackThing.paginate :order => "created_at desc", :page => params[:page], :per_page => 100,
- :conditions => @query.nil? ? nil : ["lower(track_query) like lower('%'||?||'%')", @query ]
+ if @query
+ track_things = TrackThing.where(["lower(track_query) like lower('%'||?||'%')", @query])
+ else
+ track_things = TrackThing.all
+ end
+ @admin_tracks = track_things.paginate :order => "created_at desc", :page => params[:page], :per_page => 100
end
private
diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb
index ed20ddcf4..3beefb9af 100644
--- a/app/controllers/admin_user_controller.rb
+++ b/app/controllers/admin_user_controller.rb
@@ -12,9 +12,13 @@ class AdminUserController < AdminController
def list
@query = params[:query]
- @admin_users = User.paginate :order => "name", :page => params[:page], :per_page => 100,
- :conditions => @query.nil? ? nil : ["lower(name) like lower('%'||?||'%') or
- lower(email) like lower('%'||?||'%')", @query, @query]
+ if @query
+ users = User.where(["lower(name) like lower('%'||?||'%') or
+ lower(email) like lower('%'||?||'%')", @query, @query])
+ else
+ users = User.all
+ end
+ @admin_users = users.paginate :order => "name", :page => params[:page], :per_page => 100
end
def list_banned
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 15fb4f5f9..424f0444d 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -83,7 +83,7 @@ class ApiController < ApplicationController
direction = json["direction"]
body = json["body"]
- sent_at_str = json["sent_at"]
+ sent_at = json["sent_at"]
errors = []
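Review bot: `sent_at` now holds the raw JSON value, and the next hunk in this file deletes the `Time.iso8601` parse together with its error message, so nothing validates this caller-supplied field any more. The new TMail branch further down calls `sent_at.dup.localtime`, which would raise `NoMethodError` if the value is a String or nil, instead of adding the "Failed to parse 'sent_at'" entry to `errors` as before. Keeping `sent_at_str = json["sent_at"]` and the `sent_at = Time.iso8601(sent_at_str)` parse inside `begin`/`rescue ArgumentError` preserves both the type and the validation. The enclosing method starts and ends outside this hunk.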
@@ -107,12 +107,6 @@ class ApiController < ApplicationController
errors << "The 'body' is empty"
end
- begin
- sent_at = Time.iso8601(sent_at_str)
- rescue ArgumentError
- errors << "Failed to parse 'sent_at' field as ISO8601 time: #{sent_at_str}"
- end
-
if direction == "request" && !attachments.nil?
errors << "You cannot attach files to messages in the 'request' direction"
end
@@ -154,8 +148,28 @@ class ApiController < ApplicationController
:filename => filename
)
end
-
- mail = RequestMailer.create_external_response(request, body, sent_at, attachment_hashes)
+ if MailHandler.backend == "TMail"
+ # Directly construct Tmail object using attachment_hashes
+ mail = TMail::Mail.new
+ mail.body = body
+ blackhole_email = Configuration::blackhole_prefix+"@"+Configuration::incoming_email_domain
+ mail.from = blackhole_email
+ mail.to = request.incoming_name_and_email
+ mail.date = sent_at.dup.localtime
+ b = TMail::Mail.new
+ b.body = body
+ mail.parts << b
+ attachment_hashes.each do |attachment_hash|
+ attachment = TMail::Mail.new
+ attachment.body = Base64.encode64(attachment_hash[:body])
+ attachment.transfer_encoding = "Base64"
+ attachment.set_content_type(attachment_hash[:content_type])
+ attachment['Content-Disposition'] = "attachment; filename=#{attachment_hash[:filename]}"
+ mail.parts << attachment
+ end
+ else
+ mail = RequestMailer.create_external_response(request, body, sent_at, attachment_hashes)
+ end
request.receive(mail, mail.encoded, true)
end
render :json => {
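Review bot: `attachment['Content-Disposition'] = "attachment; filename=#{attachment_hash[:filename]}"` puts the filename into a MIME header unquoted and unfiltered. The filename's origin is outside the hunk, but it appears to come from the API upload, so a name containing CR/LF, `;` or quotes could change the header or add new ones in the stored message. Strip those characters and quote the value, e.g. `safe_name = attachment_hash[:filename].to_s.gsub(/[\r\n"]/, '')` followed by `attachment['Content-Disposition'] = "attachment; filename=\"#{safe_name}\""`. The same applies to `file_name` in the `Content-Type` and `Content-Disposition` lines added to `upload_response` in `request_controller.rb`.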
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index ed1523f75..2a2b29bfe 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -27,9 +27,6 @@ class ApplicationController < ActionController::Base
before_filter :set_vary_header
before_filter :set_popup_banner
- # scrub sensitive parameters from the logs
- filter_parameter_logging :password
-
def set_vary_header
response.headers['Vary'] = 'Cookie'
end
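Review bot: Removing `filter_parameter_logging :password` here (and again in the next hunk) leaves password parameters unscrubbed in the request log unless the replacement setting is added elsewhere. This diff is limited to `app/controllers`, so that cannot be confirmed from here. The Rails 3 equivalent is `config.filter_parameters += [:password]` in the application config, and it is worth checking that it lands in the same commit.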
@@ -74,9 +71,6 @@ class ApplicationController < ActionController::Base
end
end
- # scrub sensitive parameters from the logs
- filter_parameter_logging :password
-
helper_method :locale_from_params
# Help work out which request causes RAM spike.
@@ -154,19 +148,20 @@ class ApplicationController < ActionController::Base
render :template => "general/exception_caught.rhtml", :status => @status
end
- # For development sites.
- alias original_rescue_action_locally rescue_action_locally
- def rescue_action_locally(exception)
- # Make sure expiry time for session is set (before_filters are
- # otherwise missed by this override)
- session_remember_me
+ # FIXME: This was disabled during the Rails 3 upgrade as this is now handled by Rack
+ # # For development sites.
+ # alias original_rescue_action_locally rescue_action_locally
+ # def rescue_action_locally(exception)
+ # # Make sure expiry time for session is set (before_filters are
+ # # otherwise missed by this override)
+ # session_remember_me
- # Make sure the locale is set correctly too
- set_gettext_locale
+ # # Make sure the locale is set correctly too
+ # set_gettext_locale
- # Display default, detailed error for developers
- original_rescue_action_locally(exception)
- end
+ # # Display default, detailed error for developers
+ # original_rescue_action_locally(exception)
+ # end
def local_request?
false
@@ -175,6 +170,7 @@ class ApplicationController < ActionController::Base
# Called from test code, is a mimic of UserController.confirm, for use in following email
# links when in controller tests (though we also have full integration tests that
# can work over multiple controllers)
+ # TODO: Move this to the tests. It shouldn't be here
def test_code_redirect_by_email_token(token, controller_example_group)
post_redirect = PostRedirect.find_by_email_token(token)
if post_redirect.nil?
@@ -182,7 +178,7 @@ class ApplicationController < ActionController::Base
end
session[:user_id] = post_redirect.user.id
session[:user_circumstance] = post_redirect.circumstance
- params = controller_example_group.params_from(:get, post_redirect.local_part_uri)
+ params = Rails.application.routes.recognize_path(post_redirect.local_part_uri)
params.merge(post_redirect.post_params)
controller_example_group.get params[:action], params
end
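Review bot: `params.merge(post_redirect.post_params)`, on the line after the changed one, discards its result, so the stored post params never reach the `get` call. Now that `params` is a fresh hash returned by `recognize_path`, `params.merge!(post_redirect.post_params)` would make the line take effect. The method starts in the previous hunk.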
@@ -258,7 +254,7 @@ class ApplicationController < ActionController::Base
# Check the user is logged in
def authenticated?(reason_params)
unless session[:user_id]
- post_redirect = PostRedirect.new(:uri => request.request_uri, :post_params => params,
+ post_redirect = PostRedirect.new(:uri => request.fullpath, :post_params => params,
:reason_params => reason_params)
post_redirect.save!
# 'modal' controls whether the sign-in form will be displayed in the typical full-blown
diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb
index 875e39494..34870bd42 100644
--- a/app/controllers/general_controller.rb
+++ b/app/controllers/general_controller.rb
@@ -25,7 +25,7 @@ class GeneralController < ApplicationController
@locale = self.locale_from_params()
locale_condition = 'public_body_translations.locale = ?'
conditions = [locale_condition, @locale]
- PublicBody.with_locale(@locale) do
+ I18n.with_locale(@locale) do
if body_short_names.empty?
# This is too slow
@popular_bodies = PublicBody.visible.find(:all,
@@ -109,7 +109,7 @@ class GeneralController < ApplicationController
def search
# XXX Why is this so complicated with arrays and stuff? Look at the route
# in config/routes.rb for comments.
- combined = params[:combined]
+ combined = params[:combined].split("/")
@sortby = nil
@bodies = @requests = @users = true
if combined.size > 0 && (['advanced'].include?(combined[-1]))
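Review bot: `params[:combined].split("/")` raises `NoMethodError` when the `combined` parameter is absent, which would surface as a 500 rather than an empty search. Whether the route always supplies it is not visible here (the comment points to `config/routes.rb`). `combined = params[:combined].to_s.split("/")` keeps the later `combined.size > 0` check meaningful in either case. `search` continues past the end of this hunk.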
diff --git a/app/controllers/public_body_controller.rb b/app/controllers/public_body_controller.rb
index 8a4a65820..985467de3 100644
--- a/app/controllers/public_body_controller.rb
+++ b/app/controllers/public_body_controller.rb
@@ -16,7 +16,7 @@ class PublicBodyController < ApplicationController
return
end
@locale = self.locale_from_params()
- PublicBody.with_locale(@locale) do
+ I18n.with_locale(@locale) do
@public_body = PublicBody.find_by_url_name_with_historic(params[:url_name])
raise ActiveRecord::RecordNotFound.new("None found") if @public_body.nil?
if @public_body.url_name.nil?
@@ -71,7 +71,7 @@ class PublicBodyController < ApplicationController
@public_body = PublicBody.find_by_url_name_with_historic(params[:url_name])
raise ActiveRecord::RecordNotFound.new("None found") if @public_body.nil?
- PublicBody.with_locale(self.locale_from_params()) do
+ I18n.with_locale(self.locale_from_params()) do
if params[:submitted_view_email]
if verify_recaptcha
flash.discard(:error)
@@ -129,11 +129,9 @@ class PublicBodyController < ApplicationController
@description = _("in the category ‘{{category_name}}’", :category_name=>category_name)
end
end
- PublicBody.with_locale(@locale) do
- @public_bodies = PublicBody.paginate(
- :order => "public_body_translations.name", :page => params[:page], :per_page => 100,
- :conditions => conditions,
- :joins => :translations
+ I18n.with_locale(@locale) do
+ @public_bodies = PublicBody.where(conditions).joins(:translations).order("public_body_translations.name").paginate(
+ :page => params[:page], :per_page => 100
)
render :template => "public_body/list"
end
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index dfa3a4834..162060d9b 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -52,7 +52,7 @@ class RequestController < ApplicationController
medium_cache
end
@locale = self.locale_from_params()
- PublicBody.with_locale(@locale) do
+ I18n.with_locale(@locale) do
# Look up by old style numeric identifiers
if params[:url_title].match(/^[0-9]+$/)
@@ -709,10 +709,13 @@ class RequestController < ApplicationController
key_path = foi_fragment_cache_path(key)
if foi_fragment_cache_exists?(key_path)
logger.info("Reading cache for #{key_path}")
- raise PermissionDenied.new("Directory listing not allowed") if File.directory?(key_path)
- cached = foi_fragment_cache_read(key_path)
- response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream'
- render_for_text(cached)
+
+ if File.directory?(key_path)
+ render :text => "Directory listing not allowed", :status => 403
+ else
+ render :text => foi_fragment_cache_read(key_path),
+ :content_type => (AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream')
+ end
return
end
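Review bot: The new `render` still calls `params[:file_name].join("/")`, which assumes the parameter is an Array. `general_controller.rb` in this diff adds `.split("/")` to `params[:combined]`, which suggests glob parameters now arrive as a single String; if `file_name` is routed the same way, `join` would raise here. `Array(params[:file_name]).join("/")` works for both shapes. Separately, the 403 for a directory no longer goes through `PermissionDenied`, so any handling or logging attached to that exception is skipped; confirm that is intended. The enclosing method starts and ends outside the hunk.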
@@ -812,7 +815,7 @@ class RequestController < ApplicationController
# FOI officers can upload a response
def upload_response
@locale = self.locale_from_params()
- PublicBody.with_locale(@locale) do
+ I18n.with_locale(@locale) do
@info_request = InfoRequest.find_by_url_title!(params[:url_title])
@reason_params = {
@@ -850,7 +853,33 @@ class RequestController < ApplicationController
return
end
- mail = RequestMailer.create_fake_response(@info_request, @user, body, file_name, file_content)
+ # There is duplication of the email creation code in api_controller.rb
+ # TODO: Remove duplication
+ if MailHandler.backend == "TMail"
+ # Directly construct Tmail object using attachment_hashes
+ mail = TMail::Mail.new
+ mail.from = @user.name_and_email
+ mail.to = @info_request.incoming_name_and_email
+
+ b = TMail::Mail.new
+ b.body = body
+ b.set_content_type("text/plain")
+ b['Content-Disposition'] = "inline"
+ mail.parts << b
+
+ if !file_name.nil? && !file_content.nil?
+ content_type = AlaveteliFileTypes.filename_to_mimetype(file_name) || 'application/octet-stream'
+
+ attachment = TMail::Mail.new
+ attachment.body = Base64.encode64(file_content)
+ attachment.transfer_encoding = "base64"
+ attachment['Content-Type'] = "#{content_type}; name=\"#{file_name}\""
+ attachment['Content-Disposition'] = "attachment; filename=#{file_name}"
+ mail.parts << attachment
+ end
+ else
+ mail = RequestMailer.create_fake_response(@info_request, @user, body, file_name, file_content)
+ end
@info_request.receive(mail, mail.encoded, true)
flash[:notice] = _("Thank you for responding to this FOI request! Your response has been published below, and a link to your response has been emailed to ") + CGI.escapeHTML(@info_request.user.name) + "."
redirect_to request_url(@info_request)
@@ -869,7 +898,7 @@ class RequestController < ApplicationController
def download_entire_request
@locale = self.locale_from_params()
- PublicBody.with_locale(@locale) do
+ I18n.with_locale(@locale) do
@info_request = InfoRequest.find_by_url_title!(params[:url_title])
# Test for whole request being hidden or requester-only
if !@info_request.all_can_view?
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index 15da7f327..23d79b30c 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -157,10 +157,10 @@ class TrackController < ApplicationController
def atom_feed_internal
@xapian_object = perform_search([InfoRequestEvent], @track_thing.track_query, @track_thing.params[:feed_sortby], nil, 25, 1)
respond_to do |format|
- format.atom { render :template => 'track/atom_feed', :content_type => "application/atom+xml" }
format.json { render :json => @xapian_object.results.map { |r| r[:model].json_for_api(true,
- lambda { |t| @template.highlight_and_excerpt(t, @xapian_object.words_to_highlight, 150) }
+ lambda { |t| view_context.highlight_and_excerpt(t, @xapian_object.words_to_highlight, 150) }
) } }
+ format.any { render :template => 'track/atom_feed.atom', :layout => false, :content_type => :atom }
end
end