Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin_controller.rb7
-rw-r--r--app/controllers/admin_public_body_controller.rb22
-rw-r--r--app/controllers/api_controller.rb169
-rw-r--r--app/controllers/general_controller.rb2
-rw-r--r--app/controllers/request_controller.rb8
-rw-r--r--app/controllers/user_controller.rb1
6 files changed, 194 insertions, 15 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 884d7e540..d8fda9c01 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -47,8 +47,6 @@ class AdminController < ApplicationController
end
end
- private
-
def authenticate
if MySociety::Config.get('SKIP_ADMIN_AUTH', false)
session[:using_admin] = 1
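Review bot: Dropping the `private` marker at the top of this hunk makes `authenticate` (and every method that follows it until the next visibility keyword, outside this hunk) a public instance method, and in Rails a public controller method is a candidate action: with a wildcard `:controller/:action` route it could be reached directly over HTTP. If the reason for the change is the explicit-receiver call `self.authenticate` added in the next hunk, `protected` satisfies that without exposing the method, so replace the two removed lines with `protected` rather than deleting them. The body of `authenticate` continues past the end of this hunk.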
@@ -64,6 +62,11 @@ class AdminController < ApplicationController
if !@user.nil? && @user.admin_level == "super"
session[:using_admin] = 1
request.env['REMOTE_USER'] = @user.url_name
+ else
+
+ session[:using_admin] = nil
+ session[:user_id] = nil
+ self.authenticate
end
end
else
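Review bot: The new `else` branch clears `session[:user_id]` and then re-enters `authenticate`, so correctness depends on the re-entry taking a different path (presumably the HTTP-auth fallback) now that no user is in the session; that path and the start of the method lie outside this hunk, so there is no visible guard against recursing a second time. Note also that a logged-in non-super user who hits an admin URL is logged out of the whole site, not just denied admin, which is a side effect worth stating. A comment such as `# Signed-in user is not a super admin: drop the session and re-run authenticate so it falls through to HTTP auth (no user_id now)` would make both the intent and the recursion contract explicit.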
diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb
index be733ab7d..285523e11 100644
--- a/app/controllers/admin_public_body_controller.rb
+++ b/app/controllers/admin_public_body_controller.rb
@@ -139,17 +139,20 @@ class AdminPublicBodyController < AdminController
end
def import_csv
+ if params['commit'] == 'Dry run'
+ dry_run_only = true
+ elsif params['commit'] == 'Upload'
+ dry_run_only = false
+ else
+ raise "internal error, unknown button label"
+ end
if params[:csv_file]
- if params['commit'] == 'Dry run'
- dry_run_only = true
- elsif params['commit'] == 'Upload'
- dry_run_only = false
- else
- raise "internal error, unknown button label"
- end
-
- # Try with dry run first
csv_contents = params[:csv_file].read
+ else
+ csv_contents = session.delete(:previous_csv)
+ end
+ if !csv_contents.nil?
+ # Try with dry run first
en = PublicBody.import_csv(csv_contents, params[:tag], params[:tag_behaviour], true, admin_http_auth_user(), I18n.available_locales)
errors = en[0]
notes = en[1]
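Review bot: When no file is posted, the branch at `csv_contents = session.delete(:previous_csv)` silently re-imports whatever CSV was last dry-run in this session, but `params[:tag]` and `params[:tag_behaviour]` are taken fresh from the current request, so an "Upload" can apply different tag settings to data the admin only previewed with other settings. Store the tag parameters alongside the CSV at dry-run time (or compare them on upload) and reject the upload on mismatch, and when neither a file nor a stored CSV is present report that to the user rather than falling through. The enclosing `import_csv` continues past the end of this hunk.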
@@ -157,6 +160,7 @@ class AdminPublicBodyController < AdminController
if errors.size == 0
if dry_run_only
notes.push("Dry run was successful, real run would do as above.")
+ session[:previous_csv] = csv_contents
else
# And if OK, with real run
en = PublicBody.import_csv(csv_contents, params[:tag], params[:tag_behaviour], false, admin_http_auth_user(), I18n.available_locales)
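Review bot: `session[:previous_csv] = csv_contents` places the entire uploaded file in the session; if this app uses the cookie session store (not visible here) that means the CSV travels to the browser on every response and any upload over roughly 4 KB raises a cookie-overflow error after a successful dry run. Keeping the contents server-side (a temp file or a DB-backed session keyed by a token in the session) avoids both the size limit and the round trip. Consider also clearing the key on the error path so a failed dry run cannot be "uploaded" later.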
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
new file mode 100644
index 000000000..524aa44b7
--- /dev/null
+++ b/app/controllers/api_controller.rb
@@ -0,0 +1,169 @@
+class ApiController < ApplicationController
+ before_filter :check_api_key
+
+ def show_request
+ @request = InfoRequest.find(params[:id])
+ raise PermissionDenied if @request.public_body_id != @public_body.id
+
+ @request_data = {
+ :id => @request.id,
+ :url => make_url("request", @request.url_title),
+ :title => @request.title,
+
+ :created_at => @request.created_at,
+ :updated_at => @request.updated_at,
+
+ :status => @request.calculate_status,
+
+ :public_body_url => make_url("body", @request.public_body.url_name),
+ :requestor_url => make_url("user", @request.user.url_name),
+ :request_email => @request.incoming_email,
+
+ :request_text => @request.last_event_forming_initial_request.outgoing_message.body,
+ }
+
+ render :json => @request_data
+ end
+
+ def create_request
+ json = ActiveSupport::JSON.decode(params[:request_json])
+ request = InfoRequest.new(
+ :title => json["title"],
+ :public_body_id => @public_body.id,
+ :described_state => "waiting_response",
+ :external_user_name => json["external_user_name"],
+ :external_url => json["external_url"]
+ )
+
+ outgoing_message = OutgoingMessage.new(
+ :status => 'ready',
+ :message_type => 'initial_request',
+ :body => json["body"],
+ :last_sent_at => Time.now(),
+ :what_doing => 'normal_sort',
+ :info_request => request
+ )
+ request.outgoing_messages << outgoing_message
+
+ # Return an error if the request is invalid
+ # (Can this ever happen?)
+ if !request.valid?
+ render :json => {
+ 'errors' => request.errors.full_messages
+ }
+ return
+ end
+
+ # Save the request, and add the corresponding InfoRequestEvent
+ request.save!
+ request.log_event("sent",
+ :api => true,
+ :email => nil,
+ :outgoing_message_id => outgoing_message.id,
+ :smtp_message_id => nil
+ )
+
+ # Return the URL and ID number.
+ render :json => {
+ 'url' => make_url("request", request.url_title),
+ 'id' => request.id
+ }
+
+ end
+
+ def add_correspondence
+ request = InfoRequest.find(params[:id])
+ json = ActiveSupport::JSON.decode(params[:correspondence_json])
+ attachments = params[:attachments]
+
+ direction = json["direction"]
+ body = json["body"]
+ sent_at_str = json["sent_at"]
+
+ errors = []
+
+ if !request.is_external?
+ raise ActiveRecord::RecordNotFound.new("Request #{params[:id]} cannot be updated using the API")
+ end
+
+ if request.public_body_id != @public_body.id
+ raise ActiveRecord::RecordNotFound.new("You do not own request #{params[:id]}")
+ end
+
+ if !["request", "response"].include?(direction)
+ errors << "The direction parameter must be 'request' or 'response'"
+ end
+
+ if body.nil?
+ errors << "The 'body' is missing"
+ elsif body.empty?
+ errors << "The 'body' is empty"
+ end
+
+ begin
+ sent_at = Time.iso8601(sent_at_str)
+ rescue ArgumentError
+ errors << "Failed to parse 'sent_at' field as ISO8601 time: #{sent_at_str}"
+ end
+
+ if direction == "request" && !attachments.nil?
+ errors << "You cannot attach files to messages in the 'request' direction"
+ end
+
+ if !errors.empty?
+ render :json => { "errors" => errors }, :status => 500
+ return
+ end
+
+ if direction == "request"
+ # In the 'request' direction, i.e. what we (Alaveteli) regard as outgoing
+
+ outgoing_message = OutgoingMessage.new(
+ :info_request => request,
+ :status => 'ready',
+ :message_type => 'followup',
+ :body => body,
+ :last_sent_at => sent_at,
+ :what_doing => 'normal_sort'
+ )
+ request.outgoing_messages << outgoing_message
+ request.save!
+ request.log_event("followup_sent",
+ :api => true,
+ :email => nil,
+ :outgoing_message_id => outgoing_message.id,
+ :smtp_message_id => nil
+ )
+ else
+ # In the 'response' direction, i.e. what we (Alaveteli) regard as incoming
+ attachment_hashes = []
+ (attachments || []).each_with_index do |attachment, i|
+ filename = File.basename(attachment.original_filename)
+ attachment_body = attachment.read
+ content_type = AlaveteliFileTypes.filename_and_content_to_mimetype(filename, attachment_body) || 'application/octet-stream'
+ attachment_hashes.push(
+ :content_type => content_type,
+ :body => attachment_body,
+ :filename => filename
+ )
+ end
+
+ mail = RequestMailer.create_external_response(request, body, sent_at, attachment_hashes)
+ request.receive(mail, mail.encoded, true)
+ end
+
+ head :no_content
+ end
+
+ protected
+ def check_api_key
+ raise "Missing required parameter 'k'" if params[:k].nil?
+ @public_body = PublicBody.find_by_api_key(params[:k].gsub(' ', '+'))
+ raise PermissionDenied if @public_body.nil?
+ end
+
+ private
+ def make_url(*args)
+ "http://" + MySociety::Config.get("DOMAIN", '127.0.0.1:3000') + "/" + args.join("/")
+ end
+end
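Review bot: Client-side validation failures in `add_correspondence` are rendered with `:status => 500`, which misreports a bad request as a server fault and will trip error monitoring; use `:status => 400` (or 422) there, and the same for the `errors` response in `create_request`, which currently returns 200. Both actions also index straight into the result of `ActiveSupport::JSON.decode` without checking it is a Hash, so a JSON array or scalar (or a missing parameter) raises and surfaces as an unhandled 500 instead of an error in the documented shape — a `raise ArgumentError unless json.is_a?(Hash)` guard after each decode would close that. `external_url` is stored verbatim from the caller; if it is rendered as a link anywhere, scheme validation (http/https only) belongs here, since an authenticated body could otherwise inject a `javascript:` URL. In `check_api_key`, `params[:k]` can be a non-String (array or hash) under Rails parameter parsing, in which case `.gsub` raises rather than denying access cleanly.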
diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb
index 6e89a2832..839064fcd 100644
--- a/app/controllers/general_controller.rb
+++ b/app/controllers/general_controller.rb
@@ -21,7 +21,7 @@ class GeneralController < ApplicationController
# New, improved front page!
def frontpage
medium_cache
- behavior_cache do
+ behavior_cache :tag => [session[:user_id], request.url] do
# get some example searches and public bodies to display
# either from config, or based on a (slow!) query if not set
body_short_names = MySociety::Config.get('FRONTPAGE_PUBLICBODY_EXAMPLES', '').split(/\s*;\s*/).map{|s| "'%s'" % s.gsub(/'/, "''") }.join(", ")
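Review bot: Tagging the fragment cache with the raw `request.url` makes the cache key attacker-controlled: every distinct query string an unauthenticated client appends to the front page creates a new cache entry, so a crawler or a deliberate client can grow the cache without bound. If the intent is to separate locales or formats, key on the specific components that affect the output (`request.path`, locale) rather than the whole URL, or strip the query string first. `frontpage` continues past the end of this hunk, so what the cached block renders is not visible here.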
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 2f5b4d643..7f42eeb7e 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -59,7 +59,7 @@ class RequestController < ApplicationController
# Look up by old style numeric identifiers
if params[:url_title].match(/^[0-9]+$/)
@info_request = InfoRequest.find(params[:url_title].to_i)
- redirect_to request_url(@info_request)
+ redirect_to request_url(@info_request, :format => params[:format])
return
end
@@ -309,9 +309,11 @@ class RequestController < ApplicationController
# See if values were valid or not
if !@existing_request.nil? || !@info_request.valid?
- # We don't want the error "Outgoing messages is invalid", as the outgoing message
- # will be valid for a specific reason which we are displaying anyway.
+ # We don't want the error "Outgoing messages is invalid", as in this
+ # case the list of errors will also contain a more specific error
+ # describing the reason it is invalid.
@info_request.errors.delete("outgoing_messages")
+
render :action => 'new'
return
end
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index e56c4dd33..0a9e1d781 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -245,6 +245,7 @@ class UserController < ApplicationController
session[:user_id] = nil
session[:user_circumstance] = nil
session[:remember_me] = false
+ session[:using_admin] = nil
end
def signout
self._do_signout
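Review bot: Clearing `session[:using_admin]` one key at a time is fragile: any other authorisation flag set during a session has to be remembered here too, and the session id itself survives sign-out, which leaves a fixated or captured id valid for the next login. Calling `reset_session` in `_do_signout` after the per-key assignments (or instead of them) drops every key and rotates the id in one step. The enclosing `_do_signout` begins before this hunk and `signout` continues after it.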