Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin_censor_rule_controller.rb4
-rw-r--r--app/controllers/admin_controller.rb31
-rw-r--r--app/controllers/admin_general_controller.rb2
-rw-r--r--app/controllers/admin_public_body_controller.rb8
-rw-r--r--app/controllers/admin_request_controller.rb18
-rw-r--r--app/controllers/application_controller.rb14
-rw-r--r--app/controllers/general_controller.rb8
-rw-r--r--app/controllers/public_body_controller.rb33
-rw-r--r--app/controllers/request_controller.rb33
-rw-r--r--app/controllers/services_controller.rb6
-rw-r--r--app/controllers/track_controller.rb2
-rw-r--r--app/controllers/user_controller.rb5
12 files changed, 75 insertions, 89 deletions
diff --git a/app/controllers/admin_censor_rule_controller.rb b/app/controllers/admin_censor_rule_controller.rb
index dca312b8b..5381921bf 100644
--- a/app/controllers/admin_censor_rule_controller.rb
+++ b/app/controllers/admin_censor_rule_controller.rb
@@ -15,7 +15,7 @@ class AdminCensorRuleController < AdminController
end
def create
- params[:censor_rule][:last_edit_editor] = admin_http_auth_user()
+ params[:censor_rule][:last_edit_editor] = admin_current_user()
@censor_rule = CensorRule.new(params[:censor_rule])
if @censor_rule.save
if !@censor_rule.info_request.nil?
@@ -42,7 +42,7 @@ class AdminCensorRuleController < AdminController
end
def update
- params[:censor_rule][:last_edit_editor] = admin_http_auth_user()
+ params[:censor_rule][:last_edit_editor] = admin_current_user()
@censor_rule = CensorRule.find(params[:id])
if @censor_rule.update_attributes(params[:censor_rule])
if !@censor_rule.info_request.nil?
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index dd966c4af..d7933b212 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -45,12 +45,36 @@ class AdminController < ApplicationController
end
end
+ # For administration interface, return display name of authenticated user
+ def admin_current_user
+ if Configuration::skip_admin_auth
+ admin_http_auth_user
+ else
+ session[:admin_name]
+ end
+ end
+
+ # If we're skipping Alaveteli admin authentication, assume that the environment
+ # will give us an authenticated user name
+ def admin_http_auth_user
+ # This needs special magic in mongrel: http://www.ruby-forum.com/topic/83067
+ # Hence the second clause which reads X-Forwarded-User header if available.
+ # See the rewrite rules in conf/httpd.conf which set X-Forwarded-User
+ if request.env["REMOTE_USER"]
+ return request.env["REMOTE_USER"]
+ elsif request.env["HTTP_X_FORWARDED_USER"]
+ return request.env["HTTP_X_FORWARDED_USER"]
+ else
+ return "*unknown*";
+ end
+ end
+
def authenticate
if Configuration::skip_admin_auth
session[:using_admin] = 1
return
else
- if session[:using_admin].nil?
+ if session[:using_admin].nil? || session[:admin_name].nil?
if params[:emergency].nil?
if authenticated?(
:web => _("To log into the administrative interface"),
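Review bot: `admin_http_auth_user` takes the editor name from `request.env["HTTP_X_FORWARDED_USER"]`, an ordinary request header that is only trustworthy if the front-end server always overwrites or strips it. The existing comment points at conf/httpd.conf but does not state that requirement. Because `admin_current_user` now supplies `last_edit_editor` and the `:editor` field of logged events whenever `Configuration::skip_admin_auth` is set, I would add a comment such as `# SECURITY: X-Forwarded-User must be set by the trusted proxy only; do not expose the app directly when skip_admin_auth is on`. This hunk also does not show whether the two new methods sit under `private`/`protected`; if they are public they may be routable as controller actions, so that is worth confirming. The `authenticate` method continues outside the hunk.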
@@ -59,11 +83,12 @@ class AdminController < ApplicationController
:user_name => "a superuser")
if !@user.nil? && @user.admin_level == "super"
session[:using_admin] = 1
- request.env['REMOTE_USER'] = @user.url_name
+ session[:admin_name] = @user.url_name
else
session[:using_admin] = nil
session[:user_id] = nil
+ session[:admin_name] = nil
self.authenticate
end
end
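Review bot: The existing session is promoted to admin in place here (`session[:using_admin] = 1`, `session[:admin_name] = @user.url_name`) with no session reset visible in this hunk, and the emergency-login hunk that follows does the same. If the application uses a server-side session store, rotating the session at the moment of privilege elevation is the usual guard against session fixation. With a cookie-based store the concern is much smaller, so confirm which one applies. A short comment next to the assignment recording that decision would help the next maintainer. The surrounding `authenticate` method starts and ends outside the hunk.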
@@ -71,7 +96,7 @@ class AdminController < ApplicationController
authenticate_or_request_with_http_basic do |user_name, password|
if user_name == Configuration::admin_username && password == Configuration::admin_password
session[:using_admin] = 1
- request.env['REMOTE_USER'] = user_name
+ session[:admin_name] = user_name
else
request_http_basic_authentication
end
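Review bot: The emergency credentials are checked with plain `==` (`user_name == Configuration::admin_username && password == Configuration::admin_password`), which is not a constant-time comparison. For a shared secret, prefer a constant-time compare helper if the Rails/Rack version in this tree provides one, and log failed emergency logins so that guessing is visible. With this change `session[:admin_name]` for an emergency login is the shared configured username, so audit entries made this way cannot be attributed to a person. A comment such as `# emergency login: editor is recorded as the shared admin_username` would make that explicit. The block continues outside the hunk.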
diff --git a/app/controllers/admin_general_controller.rb b/app/controllers/admin_general_controller.rb
index 5176eb8db..9f4c398c1 100644
--- a/app/controllers/admin_general_controller.rb
+++ b/app/controllers/admin_general_controller.rb
@@ -120,7 +120,7 @@ class AdminGeneralController < AdminController
end
def debug
- @http_auth_user = admin_http_auth_user
+ @admin_current_user = admin_current_user
@current_commit = `git log -1 --format="%H"`
@current_branch = `git branch | perl -ne 'print $1 if /^\\* (.*)/'`
@current_version = `git describe --always --tags`
diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb
index e64925bde..ac12e97b2 100644
--- a/app/controllers/admin_public_body_controller.rb
+++ b/app/controllers/admin_public_body_controller.rb
@@ -88,7 +88,7 @@ class AdminPublicBodyController < AdminController
def create
PublicBody.with_locale(I18n.default_locale) do
- params[:public_body][:last_edit_editor] = admin_http_auth_user()
+ params[:public_body][:last_edit_editor] = admin_current_user()
@public_body = PublicBody.new(params[:public_body])
if @public_body.save
flash[:notice] = 'PublicBody was successfully created.'
@@ -107,7 +107,7 @@ class AdminPublicBodyController < AdminController
def update
PublicBody.with_locale(I18n.default_locale) do
- params[:public_body][:last_edit_editor] = admin_http_auth_user()
+ params[:public_body][:last_edit_editor] = admin_current_user()
@public_body = PublicBody.find(params[:id])
if @public_body.update_attributes(params[:public_body])
flash[:notice] = 'PublicBody was successfully updated.'
@@ -157,7 +157,7 @@ class AdminPublicBodyController < AdminController
params[:tag],
params[:tag_behaviour],
true,
- admin_http_auth_user(),
+ admin_current_user(),
I18n.available_locales)
if errors.size == 0
@@ -171,7 +171,7 @@ class AdminPublicBodyController < AdminController
params[:tag],
params[:tag_behaviour],
false,
- admin_http_auth_user(),
+ admin_current_user(),
I18n.available_locales)
if errors.size != 0
raise "dry run mismatched real run"
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb
index c97ef7f1e..3e574b10f 100644
--- a/app/controllers/admin_request_controller.rb
+++ b/app/controllers/admin_request_controller.rb
@@ -85,7 +85,7 @@ class AdminRequestController < AdminController
if @info_request.valid?
@info_request.save!
@info_request.log_event("edit",
- { :editor => admin_http_auth_user(),
+ { :editor => admin_current_user(),
:old_title => old_title, :title => @info_request.title,
:old_prominence => old_prominence, :prominence => @info_request.prominence,
:old_described_state => old_described_state, :described_state => @info_request.described_state,
@@ -128,7 +128,7 @@ class AdminRequestController < AdminController
@outgoing_message.fully_destroy
@outgoing_message.info_request.log_event("destroy_outgoing",
- { :editor => admin_http_auth_user(), :deleted_outgoing_message_id => outgoing_message_id })
+ { :editor => admin_current_user(), :deleted_outgoing_message_id => outgoing_message_id })
flash[:notice] = 'Outgoing message successfully destroyed.'
redirect_to request_admin_url(@info_request)
@@ -141,7 +141,7 @@ class AdminRequestController < AdminController
if @outgoing_message.update_attributes(params[:outgoing_message])
@outgoing_message.info_request.log_event("edit_outgoing",
- { :outgoing_message_id => @outgoing_message.id, :editor => admin_http_auth_user(),
+ { :outgoing_message_id => @outgoing_message.id, :editor => admin_current_user(),
:old_body => old_body, :body => @outgoing_message.body })
flash[:notice] = 'Outgoing message successfully updated.'
redirect_to request_admin_url(@outgoing_message.info_request)
@@ -163,7 +163,7 @@ class AdminRequestController < AdminController
if @comment.update_attributes(params[:comment])
@comment.info_request.log_event("edit_comment",
- { :comment_id => @comment.id, :editor => admin_http_auth_user(),
+ { :comment_id => @comment.id, :editor => admin_current_user(),
:old_body => old_body, :body => @comment.body,
:old_visible => old_visible, :visible => @comment.visible,
})
@@ -182,7 +182,7 @@ class AdminRequestController < AdminController
@incoming_message.fully_destroy
@incoming_message.info_request.log_event("destroy_incoming",
- { :editor => admin_http_auth_user(), :deleted_incoming_message_id => incoming_message_id })
+ { :editor => admin_current_user(), :deleted_incoming_message_id => incoming_message_id })
# expire cached files
expire_for_request(@info_request)
flash[:notice] = 'Incoming message successfully destroyed.'
@@ -213,7 +213,7 @@ class AdminRequestController < AdminController
incoming_message_id = incoming_message.id
incoming_message.info_request.log_event("redeliver_incoming", {
- :editor => admin_http_auth_user(),
+ :editor => admin_current_user(),
:destination_request => destination_request.id,
:deleted_incoming_message_id => incoming_message_id
})
@@ -239,7 +239,7 @@ class AdminRequestController < AdminController
info_request.user = destination_user
info_request.save!
info_request.log_event("move_request", {
- :editor => admin_http_auth_user(),
+ :editor => admin_current_user(),
:old_user_url_name => old_user.url_name,
:user_url_name => destination_user.url_name
})
@@ -257,7 +257,7 @@ class AdminRequestController < AdminController
info_request.public_body = destination_public_body
info_request.save!
info_request.log_event("move_request", {
- :editor => admin_http_auth_user(),
+ :editor => admin_current_user(),
:old_public_body_url_name => old_public_body.url_name,
:public_body_url_name => destination_public_body.url_name
})
@@ -367,7 +367,7 @@ class AdminRequestController < AdminController
info_request.prominence = "requester_only"
info_request.log_event("hide", {
- :editor => admin_http_auth_user(),
+ :editor => admin_current_user(),
:reason => params[:reason],
:subject => subject,
:explanation => explanation
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f29015c63..3f3c169ae 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -340,20 +340,6 @@ class ApplicationController < ActionController::Base
end
- # For administration interface, return display name of authenticated user
- def admin_http_auth_user
- # This needs special magic in mongrel: http://www.ruby-forum.com/topic/83067
- # Hence the second clause which reads X-Forwarded-User header if available.
- # See the rewrite rules in conf/httpd.conf which set X-Forwarded-User
- if request.env["REMOTE_USER"]
- return request.env["REMOTE_USER"]
- elsif request.env["HTTP_X_FORWARDED_USER"]
- return request.env["HTTP_X_FORWARDED_USER"]
- else
- return "*unknown*";
- end
- end
-
# Convert URL name for sort by order, to Xapian query
def order_to_sort_by(sortby)
if sortby.nil?
diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb
index 150b433ec..0cde238cd 100644
--- a/app/controllers/general_controller.rb
+++ b/app/controllers/general_controller.rb
@@ -29,7 +29,7 @@ class GeneralController < ApplicationController
PublicBody.with_locale(@locale) do
if body_short_names.empty?
# This is too slow
- @popular_bodies = PublicBody.find(:all,
+ @popular_bodies = PublicBody.visible.find(:all,
:order => "info_requests_count desc",
:limit => 32,
:conditions => conditions,
@@ -58,6 +58,8 @@ class GeneralController < ApplicationController
xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_title_collapse', max_count-@request_events.count)
more_events = xapian_object.results.map { |r| r[:model] }
@request_events += more_events
+ # Overall we still want the list sorted with the newest first
+ @request_events.sort!{|e1,e2| e2.created_at <=> e1.created_at}
else
@request_events_all_successful = true
end
@@ -71,7 +73,9 @@ class GeneralController < ApplicationController
def blog
medium_cache
@feed_autodetect = []
- @feed_url = "#{Configuration::blog_feed}?lang=#{self.locale_from_params()}"
+ @feed_url = Configuration::blog_feed
+ separator = @feed_url.include?('?') ? '&' : '?'
+ @feed_url = "#{@feed_url}#{separator}lang=#{self.locale_from_params()}"
@blog_items = []
if not @feed_url.empty?
content = quietly_try_to_open(@feed_url)
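Review bot: The `if not @feed_url.empty?` test after the new lines can never be false, because by then `@feed_url` already ends in `?lang=...` or `&lang=...`. An empty `Configuration::blog_feed` therefore still reaches `quietly_try_to_open` with a URL that is only a query string, and a nil value would raise on `include?`. I would test the configured value before appending, e.g. `feed = Configuration::blog_feed` followed by `if !feed.blank?` around the URL building and fetch. The locale is also interpolated without URL-encoding; if `locale_from_params` can return anything other than a vetted locale code, wrap it in `CGI.escape`. The `blog` method continues outside the hunk.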
diff --git a/app/controllers/public_body_controller.rb b/app/controllers/public_body_controller.rb
index b34e89b8d..8a4a65820 100644
--- a/app/controllers/public_body_controller.rb
+++ b/app/controllers/public_body_controller.rb
@@ -146,38 +146,7 @@ class PublicBodyController < ApplicationController
end
def list_all_csv
- public_bodies = PublicBody.find(:all, :order => 'url_name',
- :include => [:translations, :tags])
- report = FasterCSV.generate() do |csv|
- csv << [
- 'Name',
- 'Short name',
- # deliberately not including 'Request email'
- 'URL name',
- 'Tags',
- 'Home page',
- 'Publication scheme',
- 'Created at',
- 'Updated at',
- 'Version',
- ]
- public_bodies.each do |public_body|
- csv << [
- public_body.name,
- public_body.short_name,
- # DO NOT include request_email (we don't want to make it
- # easy to spam all authorities with requests)
- public_body.url_name,
- public_body.tag_string,
- public_body.calculated_home_page,
- public_body.publication_scheme,
- public_body.created_at,
- public_body.updated_at,
- public_body.version,
- ]
- end
- end
- send_data(report, :type=> 'text/csv; charset=utf-8; header=present',
+ send_data(PublicBody.export_csv, :type=> 'text/csv; charset=utf-8; header=present',
:filename => 'all-authorities.csv',
:disposition =>'attachment', :encoding => 'utf8')
end
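Review bot: The removed inline code carried an explicit warning that `request_email` must not be exported, and that guarantee now lives in `PublicBody.export_csv`, which is not part of this controller-only view. I would keep a comment at the call site, `# PublicBody.export_csv must never include request_email (avoids making it easy to spam all authorities)`, and back it with a test asserting that the generated header row has no email column. It is also worth confirming whether the export should be limited to `PublicBody.visible`, as `GeneralController` now does for its popular-bodies list.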
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 396e6593a..c732a4b32 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -44,7 +44,7 @@ class RequestController < ApplicationController
end
def show
- if !Configuration::varnish_host.nil?
+ if !Configuration::varnish_host.blank?
# If varnish is set up to accept PURGEs, then cache for a
# long time
long_cache
@@ -446,18 +446,19 @@ class RequestController < ApplicationController
return
end
+ calculated_status = @info_request.calculate_status
# Display advice for requester on what to do next, as appropriate
- if @info_request.calculate_status == 'waiting_response'
+ if calculated_status == 'waiting_response'
flash[:notice] = _("<p>Thank you! Hopefully your wait isn't too long.</p> <p>By law, you should get a response promptly, and normally before the end of <strong>
{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>simple_date(@info_request.date_response_required_by))
redirect_to request_url(@info_request)
- elsif @info_request.calculate_status == 'waiting_response_overdue'
+ elsif calculated_status == 'waiting_response_overdue'
flash[:notice] = _("<p>Thank you! Hope you don't have to wait much longer.</p> <p>By law, you should have got a response promptly, and normally before the end of <strong>{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>simple_date(@info_request.date_response_required_by))
redirect_to request_url(@info_request)
- elsif @info_request.calculate_status == 'waiting_response_very_overdue'
+ elsif calculated_status == 'waiting_response_very_overdue'
flash[:notice] = _("<p>Thank you! Your request is long overdue, by more than {{very_late_number_of_days}} working days. Most requests should be answered within {{late_number_of_days}} working days. You might like to complain about this, see below.</p>", :very_late_number_of_days => Configuration::reply_very_late_after_days, :late_number_of_days => Configuration::reply_late_after_days)
redirect_to unhappy_url(@info_request)
- elsif @info_request.calculate_status == 'not_held'
+ elsif calculated_status == 'not_held'
flash[:notice] = _("<p>Thank you! Here are some ideas on what to do next:</p>
<ul>
<li>To send your request to another authority, first copy the text of your request below, then <a href=\"{{find_authority_url}}\">find the other authority</a>.</li>
@@ -472,37 +473,37 @@ class RequestController < ApplicationController
:complain_url => CGI.escapeHTML(unhappy_url(@info_request)),
:other_means_url => CGI.escapeHTML(unhappy_url(@info_request)) + "#other_means")
redirect_to request_url(@info_request)
- elsif @info_request.calculate_status == 'rejected'
+ elsif calculated_status == 'rejected'
flash[:notice] = _("Oh no! Sorry to hear that your request was refused. Here is what to do now.")
redirect_to unhappy_url(@info_request)
- elsif @info_request.calculate_status == 'successful'
+ elsif calculated_status == 'successful'
flash[:notice] = _("<p>We're glad you got all the information that you wanted. If you write about or make use of the information, please come back and add an annotation below saying what you did.</p><p>If you found {{site_name}} useful, <a href=\"{{donation_url}}\">make a donation</a> to the charity which runs it.</p>", :site_name=>site_name, :donation_url => "http://www.mysociety.org/donate/")
redirect_to request_url(@info_request)
- elsif @info_request.calculate_status == 'partially_successful'
+ elsif calculated_status == 'partially_successful'
flash[:notice] = _("<p>We're glad you got some of the information that you wanted. If you found {{site_name}} useful, <a href=\"{{donation_url}}\">make a donation</a> to the charity which runs it.</p><p>If you want to try and get the rest of the information, here's what to do now.</p>", :site_name=>site_name, :donation_url=>"http://www.mysociety.org/donate/")
redirect_to unhappy_url(@info_request)
- elsif @info_request.calculate_status == 'waiting_clarification'
+ elsif calculated_status == 'waiting_clarification'
flash[:notice] = _("Please write your follow up message containing the necessary clarifications below.")
redirect_to respond_to_last_url(@info_request)
- elsif @info_request.calculate_status == 'gone_postal'
+ elsif calculated_status == 'gone_postal'
redirect_to respond_to_last_url(@info_request) + "?gone_postal=1"
- elsif @info_request.calculate_status == 'internal_review'
+ elsif calculated_status == 'internal_review'
flash[:notice] = _("<p>Thank you! Hopefully your wait isn't too long.</p><p>You should get a response within {{late_number_of_days}} days, or be told if it will take longer (<a href=\"{{review_url}}\">details</a>).</p>",:late_number_of_days => Configuration.reply_late_after_days, :review_url => unhappy_url(@info_request) + "#internal_review")
redirect_to request_url(@info_request)
- elsif @info_request.calculate_status == 'error_message'
+ elsif calculated_status == 'error_message'
flash[:notice] = _("<p>Thank you! We'll look into what happened and try and fix it up.</p><p>If the error was a delivery failure, and you can find an up to date FOI email address for the authority, please tell us using the form below.</p>")
redirect_to help_general_url(:action => 'contact')
- elsif @info_request.calculate_status == 'requires_admin'
+ elsif calculated_status == 'requires_admin'
flash[:notice] = _("Please use the form below to tell us more.")
redirect_to help_general_url(:action => 'contact')
- elsif @info_request.calculate_status == 'user_withdrawn'
+ elsif calculated_status == 'user_withdrawn'
flash[:notice] = _("If you have not done so already, please write a message below telling the authority that you have withdrawn your request. Otherwise they will not know it has been withdrawn.")
redirect_to respond_to_last_url(@info_request)
else
if @@custom_states_loaded
return self.theme_describe_state(@info_request)
else
- raise "unknown calculate_status " + @info_request.calculate_status
+ raise "unknown calculate_status " + calculated_status
end
end
end
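Review bot: `raise "unknown calculate_status " + calculated_status` raises a `TypeError` instead of the intended message if `calculate_status` ever returns nil or a non-String; interpolation avoids that: `raise "unknown calculate_status #{calculated_status}"`. Now that the status is held in a local, the long `elsif` chain (which begins in the previous hunk) would read more clearly as `case calculated_status` with `when 'rejected'` and so on. Separately, the `internal_review` branch passes `unhappy_url(@info_request) + "#internal_review"` into the HTML notice without `CGI.escapeHTML`, whereas the `not_held` branch escapes its URLs; making the two consistent is the safer choice. The method starts outside this hunk.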
@@ -875,7 +876,7 @@ class RequestController < ApplicationController
Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) { |zipfile|
convert_command = Configuration::html_to_pdf_command
done = false
- if File.exists?(convert_command)
+ if !convert_command.blank? && File.exists?(convert_command)
url = "http://#{Configuration::domain}#{request_url(info_request)}?print_stylesheet=1"
tempfile = Tempfile.new('foihtml2pdf')
output = AlaveteliExternalCommand.run(convert_command, url, tempfile.path)
diff --git a/app/controllers/services_controller.rb b/app/controllers/services_controller.rb
index ead5d73b7..38bf51772 100644
--- a/app/controllers/services_controller.rb
+++ b/app/controllers/services_controller.rb
@@ -9,13 +9,13 @@ class ServicesController < ApplicationController
iso_country_code = Configuration::iso_country_code.downcase
if country_from_ip.downcase != iso_country_code
found_country = WorldFOIWebsites.by_code(country_from_ip)
- found_country_name = !found_country.nil? && found_country[:country_name]
old_fgt_locale = FastGettext.locale
begin
FastGettext.locale = FastGettext.best_locale_in(request.env['HTTP_ACCEPT_LANGUAGE'])
- if found_country_name
- text = _("Hello! You can make Freedom of Information requests within {{country_name}} at {{link_to_website}}", :country_name => found_country_name, :link_to_website => "<a href=\"#{found_country[:url]}\">#{found_country[:name]}</a>")
+ if found_country && found_country[:country_name] && found_country[:url] && found_country[:name]
+ text = _("Hello! You can make Freedom of Information requests within {{country_name}} at {{link_to_website}}",
+ :country_name => found_country[:country_name], :link_to_website => "<a href=\"#{found_country[:url]}\">#{found_country[:name]}</a>")
else
current_country = WorldFOIWebsites.by_code(iso_country_code)[:country_name]
text = _("Hello! We have an <a href=\"/help/alaveteli?country_name=#{CGI.escape(current_country)}\">important message</a> for visitors outside {{country_name}}", :country_name => current_country)
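Review bot: The new guard covers `found_country`, but the `else` branch still calls `WorldFOIWebsites.by_code(iso_country_code)[:country_name]` unguarded, so an `iso_country_code` missing from that table raises `NoMethodError` on nil. The link is also assembled by interpolating `found_country[:url]` and `found_country[:name]` straight into HTML. Presumably these come from a static table, but wrapping them in `CGI.escapeHTML` keeps the markup intact if an entry ever contains quotes or angle brackets. The `begin` block continues outside the hunk.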
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index 8e76b4c9f..51e081c88 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -180,7 +180,7 @@ class TrackController < ApplicationController
new_medium = params[:track_medium]
if new_medium == 'delete'
track_thing.destroy
- flash[:notice] = _("You are no longer following {{track_description}}", :track_description => track_thing.params[:list_description])
+ flash[:notice] = _("You are no longer following {{track_description}}.", :track_description => track_thing.params[:list_description])
redirect_to params[:r]
# Reuse code like this if we let medium change again.
#elsif new_medium == 'email_daily'
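Review bot: `redirect_to params[:r]` on the line after the changed message sends the browser wherever the `r` request parameter says, and nothing in this hunk restricts it to the site's own paths. Unless `r` is validated earlier in the action (outside the hunk), this is an open redirect. I would accept only local paths and fall back to a fixed page otherwise, e.g. `target = params[:r].to_s`, `target = '/' unless target =~ %r{\A/(?![/\\])}`, `redirect_to target`.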
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 810b3321e..4ee527bae 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -119,13 +119,13 @@ class UserController < ApplicationController
@track_things = TrackThing.find(:all, :conditions => ["tracking_user_id = ? and track_medium = ?", @display_user.id, 'email_daily'], :order => 'created_at desc')
for track_thing in @track_things
# XXX factor out of track_mailer.rb
- xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 20, 1)
+ xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 20, 1)
feed_results += xapian_object.results.map {|x| x[:model]}
end
end
@feed_results = Array(feed_results).sort {|x,y| y.created_at <=> x.created_at}.first(20)
-
+
respond_to do |format|
format.html { @has_json = true }
format.json { render :json => @display_user.json_for_api }
@@ -244,6 +244,7 @@ class UserController < ApplicationController
session[:user_circumstance] = nil
session[:remember_me] = false
session[:using_admin] = nil
+ session[:admin_name] = nil
end
def signout
self._do_signout