diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/admin_user_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 10 | ||||
-rw-r--r-- | app/controllers/comment_controller.rb | 67 | ||||
-rw-r--r-- | app/controllers/help_controller.rb | 9 | ||||
-rw-r--r-- | app/controllers/request_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/services_controller.rb | 11 | ||||
-rw-r--r-- | app/controllers/track_controller.rb | 19 |
7 files changed, 80 insertions, 46 deletions
diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb index 940a5fe8f..a6438e151 100644 --- a/app/controllers/admin_user_controller.rb +++ b/app/controllers/admin_user_controller.rb @@ -99,6 +99,12 @@ class AdminUserController < AdminController redirect_to admin_user_show_url(@admin_user) end + def modify_comment_visibility + @visibility_value = params.key?(:hide_selected) ? false : true + Comment.update_all(["visible=?", @visibility_value], :id => params[:comment_ids]) + redirect_to :back + end + private end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 370e8e15c..410778d9a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -131,6 +131,7 @@ class ApplicationController < ActionController::Base case exception when ActiveRecord::RecordNotFound, RouteNotFound @status = 404 + sanitize_path(params) when PermissionDenied @status = 403 else @@ -441,6 +442,15 @@ class ApplicationController < ActionController::Base `git log -1 --format="%H"`.strip end + # URL Encode the path parameter for use in render_exception + # + # params - the params Hash + # + # Returns a Hash + def sanitize_path(params) + params.merge!(:path => Rack::Utils.escape(params[:path])) if params.key?(:path) + end + # URL generating functions are needed by all controllers (for redirects), # views (for links) and mailers (for use in emails), so include them into # all of all. diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb index cda56a211..5e39c3a2c 100644 --- a/app/controllers/comment_controller.rb +++ b/app/controllers/comment_controller.rb @@ -6,34 +6,18 @@ class CommentController < ApplicationController before_filter :check_read_only, :only => [ :new ] + before_filter :find_info_request, :only => [ :new ] + before_filter :create_track_thing, :only => [ :new ] + before_filter :reject_unless_comments_allowed, :only => [ :new ] + before_filter :reject_if_user_banned, :only => [ :new ] protect_from_forgery :only => [ :new ] def new - if params[:type] == 'request' - @info_request = InfoRequest.find_by_url_title!(params[:url_title]) - @track_thing = TrackThing.create_track_for_request(@info_request) - if params[:comment] - @comment = Comment.new(params[:comment].merge({ - :comment_type => 'request', - :user => @user - })) - end - else - raise "Unknown type " + params[:type] - end - - # Are comments disabled on this request? - # - # There is no “add comment” link when comments are disabled, so users should - # not usually hit this unless they are explicitly attempting to avoid the comment - # block, so we just raise an exception. - raise "Comments are not allowed on this request" if !@info_request.comments_allowed? - - # Banned from adding comments? - if !authenticated_user.nil? && !authenticated_user.can_make_comments? - @details = authenticated_user.can_fail_html - render :template => 'user/banned' - return + if params[:comment] + @comment = Comment.new(params[:comment].merge({ + :comment_type => 'request', + :user => @user + })) end if params[:comment] @@ -92,5 +76,36 @@ class CommentController < ApplicationController end end -end + private + def find_info_request + if params[:type] == 'request' + @info_request = InfoRequest.find_by_url_title!(params[:url_title]) + else + raise "Unknown type #{ params[:type] }" + end + end + + def create_track_thing + @track_thing = TrackThing.create_track_for_request(@info_request) + end + + # Are comments disabled on this request? + # + # There is no “add comment” link when comments are disabled, so users should + # not usually hit this unless they are explicitly attempting to avoid the comment block + def reject_unless_comments_allowed + unless @info_request.comments_allowed? + redirect_to request_url(@info_request), :notice => "Comments are not allowed on this request" + end + end + + # Banned from adding comments? + def reject_if_user_banned + if authenticated_user && !authenticated_user.can_make_comments? + @details = authenticated_user.can_fail_html + render :template => 'user/banned' + end + end + +end diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index 9959df6d8..9033198a0 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb @@ -9,6 +9,7 @@ class HelpController < ApplicationController # we don't even have a control subroutine for most help pages, just see their templates before_filter :long_cache + before_filter :catch_spam, :only => [:contact] def unhappy @info_request = nil @@ -69,4 +70,12 @@ class HelpController < ApplicationController end + private + + def catch_spam + if request.post? && !params[:contact][:comment].empty? + redirect_to frontpage_url + end + end + end diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index a94461758..6445dd685 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -447,9 +447,9 @@ class RequestController < ApplicationController flash[:notice] = case info_request.calculate_status when 'waiting_response' _("<p>Thank you! Hopefully your wait isn't too long.</p> <p>By law, you should get a response promptly, and normally before the end of <strong> -{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>simple_date(info_request.date_response_required_by)) +{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>view_context.simple_date(info_request.date_response_required_by)) when 'waiting_response_overdue' - _("<p>Thank you! Hope you don't have to wait much longer.</p> <p>By law, you should have got a response promptly, and normally before the end of <strong>{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>simple_date(info_request.date_response_required_by)) + _("<p>Thank you! Hope you don't have to wait much longer.</p> <p>By law, you should have got a response promptly, and normally before the end of <strong>{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>view_context.simple_date(info_request.date_response_required_by)) when 'waiting_response_very_overdue' _("<p>Thank you! Your request is long overdue, by more than {{very_late_number_of_days}} working days. Most requests should be answered within {{late_number_of_days}} working days. You might like to complain about this, see below.</p>", :very_late_number_of_days => AlaveteliConfiguration::reply_very_late_after_days, :late_number_of_days => AlaveteliConfiguration::reply_late_after_days) when 'not_held' diff --git a/app/controllers/services_controller.rb b/app/controllers/services_controller.rb index 78c494dba..97c47c448 100644 --- a/app/controllers/services_controller.rb +++ b/app/controllers/services_controller.rb @@ -17,8 +17,15 @@ class ServicesController < ApplicationController text = _("Hello! You can make Freedom of Information requests within {{country_name}} at {{link_to_website}}", :country_name => found_country[:country_name], :link_to_website => "<a href=\"#{found_country[:url]}\">#{found_country[:name]}</a>".html_safe) else - current_country = WorldFOIWebsites.by_code(iso_country_code)[:country_name] - text = _("Hello! We have an <a href=\"/help/alaveteli?country_name=#{CGI.escape(current_country)}\">important message</a> for visitors outside {{country_name}}", :country_name => current_country) + country_data = WorldFOIWebsites.by_code(iso_country_code) + if country_data + text = _("Hello! We have an <a href=\"{{url}}\">important message</a> for visitors outside {{country_name}}", + :country_name => country_data[:country_name], + :url => "/help/alaveteli?country_name=#{CGI.escape(country_data[:country_name])}") + else + text = _("Hello! We have an <a href=\"{{url}}\">important message</a> for visitors in other countries", + :url => "/help/alaveteli") + end end ensure FastGettext.locale = old_fgt_locale diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb index 83e05ebbc..dccc52efc 100644 --- a/app/controllers/track_controller.rb +++ b/app/controllers/track_controller.rb @@ -118,7 +118,7 @@ class TrackController < ApplicationController if @user @existing_track = TrackThing.find_existing(@user, @track_thing) if @existing_track - flash[:notice] = _("You are already following updates about {{track_description}}", :track_description => @track_thing.params[:list_description]) + flash[:notice] = view_context.already_subscribed_notice(@track_thing) return true end end @@ -130,11 +130,7 @@ class TrackController < ApplicationController @track_thing.track_medium = 'email_daily' @track_thing.tracking_user_id = @user.id @track_thing.save! - if @user.receive_email_alerts - flash[:notice] = _('You will now be emailed updates about {{track_description}}. <a href="{{change_email_alerts_url}}">Prefer not to receive emails?</a>', :track_description => @track_thing.params[:list_description], :change_email_alerts_url => url_for(:controller => "user", :action => "wall", :url_name => @user.url_name)) - else - flash[:notice] = _('You are now <a href="{{wall_url_user}}">following</a> updates about {{track_description}}', :track_description => @track_thing.params[:list_description], :wall_url_user => url_for(:controller => "user", :action => "wall", :url_name => @user.url_name)) - end + flash[:notice] = render_to_string(:partial => 'track_set').html_safe return true end @@ -183,16 +179,8 @@ class TrackController < ApplicationController new_medium = params[:track_medium] if new_medium == 'delete' track_thing.destroy - flash[:notice] = _("You are no longer following {{track_description}}.", :track_description => track_thing.params[:list_description]) + flash[:notice] = view_context.unsubscribe_notice(track_thing) redirect_to URI.parse(params[:r]).path - - # Reuse code like this if we let medium change again. - #elsif new_medium == 'email_daily' - # track_thing.track_medium = new_medium - # track_thing.created_at = Time.now() # as created_at is used to limit the alerts to start with - # track_thing.save! - # flash[:notice] = "You are now tracking " + track_thing.params[:list_description] + " by email daily" - # redirect_to user_url(track_thing.tracking_user) else raise "new medium not handled " + new_medium end @@ -217,7 +205,6 @@ class TrackController < ApplicationController for track_thing in TrackThing.find(:all, :conditions => [ "track_type = ? and tracking_user_id = ?", track_type, user_id ]) track_thing.destroy end - flash[:notice] += "</ul>" redirect_to params[:r] end |