Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin_spam_addresses_controller.rb27
-rw-r--r--app/controllers/admin_user_controller.rb6
-rw-r--r--app/controllers/application_controller.rb18
-rw-r--r--app/controllers/comment_controller.rb67
-rw-r--r--app/controllers/help_controller.rb9
-rw-r--r--app/controllers/request_controller.rb21
-rw-r--r--app/controllers/services_controller.rb11
-rw-r--r--app/controllers/track_controller.rb19
8 files changed, 121 insertions, 57 deletions
diff --git a/app/controllers/admin_spam_addresses_controller.rb b/app/controllers/admin_spam_addresses_controller.rb
new file mode 100644
index 000000000..f5c7e93da
--- /dev/null
+++ b/app/controllers/admin_spam_addresses_controller.rb
@@ -0,0 +1,27 @@
+class AdminSpamAddressesController < AdminController
+
+ def index
+ @spam_addresses = SpamAddress.all
+ @spam_address = SpamAddress.new
+ end
+
+ def create
+ @spam_address = SpamAddress.new(params[:spam_address])
+
+ if @spam_address.save
+ notice = "#{ @spam_address.email } has been added to the spam addresses list"
+ redirect_to spam_addresses_path, :notice => notice
+ else
+ @spam_addresses = SpamAddress.all
+ render :index
+ end
+ end
+
+ def destroy
+ @spam_address = SpamAddress.find(params[:id])
+ @spam_address.destroy
+ notice = "#{ @spam_address.email } has been removed from the spam addresses list"
+ redirect_to spam_addresses_path, :notice => notice
+ end
+
+end
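Review bot: `SpamAddress.new(params[:spam_address])` in `create` hands the entire parameter hash to the model, so which columns an admin can set depends wholly on the model's assignable-attribute whitelist, which is not visible in this hunk; it is worth confirming the model declares one rather than accepting every column. The `SpamAddress.all` lookup is repeated in `index` and in the failure branch of `create`; a private `load_spam_addresses` helper would keep the two in step. The `@spam_address.email` interpolated into both notices is user-entered data, so the flash rendering in the layout is being relied on to escape it.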
diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb
index 940a5fe8f..a6438e151 100644
--- a/app/controllers/admin_user_controller.rb
+++ b/app/controllers/admin_user_controller.rb
@@ -99,6 +99,12 @@ class AdminUserController < AdminController
redirect_to admin_user_show_url(@admin_user)
end
+ def modify_comment_visibility
+ @visibility_value = params.key?(:hide_selected) ? false : true
+ Comment.update_all(["visible=?", @visibility_value], :id => params[:comment_ids])
+ redirect_to :back
+ end
+
private
end
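Review bot: `redirect_to :back` in the new `modify_comment_visibility` raises `ActionController::RedirectBackError` when the request carries no Referer header, so a missing header becomes a 500 rather than a redirect; `redirect_to(request.referer || <ADMIN_FALLBACK_URL>)` (fallback URL to be chosen from the app's admin routes) avoids that. The ternary on the first line reads more simply as `@visibility_value = !params.key?(:hide_selected)`, and since the value is only used within this action a local would do instead of an instance variable. When `params[:comment_ids]` is absent the `update_all` condition becomes `id IS NULL` and updates nothing, which is harmless but an explicit early return would make that intent readable.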
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 370e8e15c..78a82316a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -129,8 +129,9 @@ class ApplicationController < ActionController::Base
@exception_class = exception.class.to_s
@exception_message = exception.message
case exception
- when ActiveRecord::RecordNotFound, RouteNotFound
+ when ActiveRecord::RecordNotFound, RouteNotFound, WillPaginate::InvalidPage
@status = 404
+ sanitize_path(params)
when PermissionDenied
@status = 403
else
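Review bot: `sanitize_path(params)` is invoked only on the 404 branch of the `case`, so if the exception template also displays `params[:path]` for the 403 and fallback branches those paths reach the view unencoded; placing the call before the `case` would cover every status uniformly. I cannot see the exception template from this hunk, so where `path` is rendered is an inference to confirm. Note also that the helper mutates `params` in place rather than returning a new hash, so any later reader of `params[:path]` in this request sees the encoded form.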
@@ -431,7 +432,11 @@ class ApplicationController < ActionController::Base
def country_from_ip
country = ""
if !AlaveteliConfiguration::gaze_url.empty?
- country = quietly_try_to_open("#{AlaveteliConfiguration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}")
+ begin
+ country = quietly_try_to_open("#{AlaveteliConfiguration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}")
+ rescue ActionDispatch::RemoteIp::IpSpoofAttackError
+ country = AlaveteliConfiguration::iso_country_code
+ end
end
country = AlaveteliConfiguration::iso_country_code if country.empty?
return country
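Review bot: The new `rescue ActionDispatch::RemoteIp::IpSpoofAttackError` silently discards a signal that the request's forwarded-IP headers disagreed, leaving operators nothing to see in the logs; a `logger.warn("country_from_ip: conflicting client IP headers, using configured country")` inside the rescue keeps the event visible while still degrading gracefully. The assignment inside the rescue also duplicates the fallback on the following line, where `country` is already reset to `AlaveteliConfiguration::iso_country_code` when empty, so the rescue body could consist of the log line alone and leave `country` as `""`.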
@@ -441,6 +446,15 @@ class ApplicationController < ActionController::Base
`git log -1 --format="%H"`.strip
end
+ # URL Encode the path parameter for use in render_exception
+ #
+ # params - the params Hash
+ #
+ # Returns a Hash
+ def sanitize_path(params)
+ params.merge!(:path => Rack::Utils.escape(params[:path])) if params.key?(:path)
+ end
+
# URL generating functions are needed by all controllers (for redirects),
# views (for links) and mailers (for use in emails), so include them into
# all of all.
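Review bot: The header comment on `sanitize_path` says it returns a Hash, but the `if` modifier makes the method return `nil` whenever `:path` is absent, and `Rack::Utils.escape` is URL encoding (spaces become `+`) rather than HTML escaping, so the comment should state which encoding is applied. Writing the body as `params[:path] = Rack::Utils.escape(params[:path]) if params.key?(:path)` followed by `params` on its own line makes both the in-place mutation and the return value explicit.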
diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb
index cda56a211..5e39c3a2c 100644
--- a/app/controllers/comment_controller.rb
+++ b/app/controllers/comment_controller.rb
@@ -6,34 +6,18 @@
class CommentController < ApplicationController
before_filter :check_read_only, :only => [ :new ]
+ before_filter :find_info_request, :only => [ :new ]
+ before_filter :create_track_thing, :only => [ :new ]
+ before_filter :reject_unless_comments_allowed, :only => [ :new ]
+ before_filter :reject_if_user_banned, :only => [ :new ]
protect_from_forgery :only => [ :new ]
def new
- if params[:type] == 'request'
- @info_request = InfoRequest.find_by_url_title!(params[:url_title])
- @track_thing = TrackThing.create_track_for_request(@info_request)
- if params[:comment]
- @comment = Comment.new(params[:comment].merge({
- :comment_type => 'request',
- :user => @user
- }))
- end
- else
- raise "Unknown type " + params[:type]
- end
-
- # Are comments disabled on this request?
- #
- # There is no “add comment” link when comments are disabled, so users should
- # not usually hit this unless they are explicitly attempting to avoid the comment
- # block, so we just raise an exception.
- raise "Comments are not allowed on this request" if !@info_request.comments_allowed?
-
- # Banned from adding comments?
- if !authenticated_user.nil? && !authenticated_user.can_make_comments?
- @details = authenticated_user.can_fail_html
- render :template => 'user/banned'
- return
+ if params[:comment]
+ @comment = Comment.new(params[:comment].merge({
+ :comment_type => 'request',
+ :user => @user
+ }))
end
if params[:comment]
@@ -92,5 +76,36 @@ class CommentController < ApplicationController
end
end
-end
+ private
+ def find_info_request
+ if params[:type] == 'request'
+ @info_request = InfoRequest.find_by_url_title!(params[:url_title])
+ else
+ raise "Unknown type #{ params[:type] }"
+ end
+ end
+
+ def create_track_thing
+ @track_thing = TrackThing.create_track_for_request(@info_request)
+ end
+
+ # Are comments disabled on this request?
+ #
+ # There is no “add comment” link when comments are disabled, so users should
+ # not usually hit this unless they are explicitly attempting to avoid the comment block
+ def reject_unless_comments_allowed
+ unless @info_request.comments_allowed?
+ redirect_to request_url(@info_request), :notice => "Comments are not allowed on this request"
+ end
+ end
+
+ # Banned from adding comments?
+ def reject_if_user_banned
+ if authenticated_user && !authenticated_user.can_make_comments?
+ @details = authenticated_user.can_fail_html
+ render :template => 'user/banned'
+ end
+ end
+
+end
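Review bot: `find_info_request` raises a bare `RuntimeError` for any `params[:type]` other than `'request'`, which the `render_exception` change in application_controller above maps to a 500 (only `RecordNotFound`, `RouteNotFound` and `InvalidPage` become 404) and which echoes the user-supplied value into the exception message and logs; since an unknown type is a client error, `raise RouteNotFound, "Unknown type #{ params[:type] }"` yields a 404 instead. The same pattern appears in the unchanged `raise "new medium not handled "` line in track_controller, though that line is not part of this change. `reject_unless_comments_allowed` and `reject_if_user_banned` depend on the redirect/render halting the filter chain so that `new` never runs; a one-line comment on each saying so would save the next reader from checking.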
diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb
index 9959df6d8..9033198a0 100644
--- a/app/controllers/help_controller.rb
+++ b/app/controllers/help_controller.rb
@@ -9,6 +9,7 @@ class HelpController < ApplicationController
# we don't even have a control subroutine for most help pages, just see their templates
before_filter :long_cache
+ before_filter :catch_spam, :only => [:contact]
def unhappy
@info_request = nil
@@ -69,4 +70,12 @@ class HelpController < ApplicationController
end
+ private
+
+ def catch_spam
+ if request.post? && !params[:contact][:comment].empty?
+ redirect_to frontpage_url
+ end
+ end
+
end
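Review bot: `catch_spam` dereferences `params[:contact][:comment]` directly, so a POST to `contact` without a `contact` hash, or with `contact` sent as a scalar, raises `NoMethodError` and produces a 500 instead of the quiet redirect this filter is meant to give; `comment = params[:contact].is_a?(Hash) && params[:contact][:comment]` followed by `redirect_to frontpage_url if request.post? && comment.present?` handles both shapes. The filter's purpose — presumably a hidden field that legitimate submissions leave blank, so a filled value indicates automated posting — is not obvious from the method name, and a short comment above `def catch_spam` stating that would help.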
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index a94461758..d66c28275 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -447,9 +447,9 @@ class RequestController < ApplicationController
flash[:notice] = case info_request.calculate_status
when 'waiting_response'
_("<p>Thank you! Hopefully your wait isn't too long.</p> <p>By law, you should get a response promptly, and normally before the end of <strong>
-{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>simple_date(info_request.date_response_required_by))
+{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>view_context.simple_date(info_request.date_response_required_by))
when 'waiting_response_overdue'
- _("<p>Thank you! Hope you don't have to wait much longer.</p> <p>By law, you should have got a response promptly, and normally before the end of <strong>{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>simple_date(info_request.date_response_required_by))
+ _("<p>Thank you! Hope you don't have to wait much longer.</p> <p>By law, you should have got a response promptly, and normally before the end of <strong>{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>view_context.simple_date(info_request.date_response_required_by))
when 'waiting_response_very_overdue'
_("<p>Thank you! Your request is long overdue, by more than {{very_late_number_of_days}} working days. Most requests should be answered within {{late_number_of_days}} working days. You might like to complain about this, see below.</p>", :very_late_number_of_days => AlaveteliConfiguration::reply_very_late_after_days, :late_number_of_days => AlaveteliConfiguration::reply_late_after_days)
when 'not_held'
@@ -763,18 +763,17 @@ class RequestController < ApplicationController
key_path = foi_fragment_cache_path(key)
image_dir = File.dirname(key_path)
FileUtils.mkdir_p(image_dir)
- html, wrapper_id = @attachment.body_as_html(image_dir)
- view_html_stylesheet = render_to_string :partial => "request/view_html_stylesheet"
- html.sub!(/<head>/i, "<head>" + view_html_stylesheet)
- html.sub!(/<body[^>]*>/i, '<body><prefix-here><div id="' + wrapper_id + '"><div id="view-html-content">')
- html.sub!(/<\/body[^>]*>/i, '</div></div></body>')
-
- view_html_prefix = render_to_string :partial => "request/view_html_prefix"
- html.sub!("<prefix-here>", view_html_prefix)
- html.sub!("<attachment-url-here>", CGI.escape(@attachment_url))
+ html = @attachment.body_as_html(image_dir,
+ :attachment_url => Rack::Utils.escape(@attachment_url),
+ :content_for => {
+ :head_suffix => render_to_string(:partial => "request/view_html_stylesheet"),
+ :body_prefix => render_to_string(:partial => "request/view_html_prefix")
+ }
+ )
@incoming_message.html_mask_stuff!(html)
+
response.content_type = 'text/html'
render :text => html
end
diff --git a/app/controllers/services_controller.rb b/app/controllers/services_controller.rb
index 78c494dba..97c47c448 100644
--- a/app/controllers/services_controller.rb
+++ b/app/controllers/services_controller.rb
@@ -17,8 +17,15 @@ class ServicesController < ApplicationController
text = _("Hello! You can make Freedom of Information requests within {{country_name}} at {{link_to_website}}",
:country_name => found_country[:country_name], :link_to_website => "<a href=\"#{found_country[:url]}\">#{found_country[:name]}</a>".html_safe)
else
- current_country = WorldFOIWebsites.by_code(iso_country_code)[:country_name]
- text = _("Hello! We have an <a href=\"/help/alaveteli?country_name=#{CGI.escape(current_country)}\">important message</a> for visitors outside {{country_name}}", :country_name => current_country)
+ country_data = WorldFOIWebsites.by_code(iso_country_code)
+ if country_data
+ text = _("Hello! We have an <a href=\"{{url}}\">important message</a> for visitors outside {{country_name}}",
+ :country_name => country_data[:country_name],
+ :url => "/help/alaveteli?country_name=#{CGI.escape(country_data[:country_name])}")
+ else
+ text = _("Hello! We have an <a href=\"{{url}}\">important message</a> for visitors in other countries",
+ :url => "/help/alaveteli")
+ end
end
ensure
FastGettext.locale = old_fgt_locale
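Review bot: The literal `/help/alaveteli` path now appears in both branches of the new `else`; a single local such as `help_path = "/help/alaveteli"` with the query string appended in the first branch keeps them from drifting, and a route helper, if one exists for that page, would be better still. Whether `_()` HTML-escapes the `{{url}}` placeholder on substitution is not visible from this hunk; the `CGI.escape`d value contains no HTML-special characters so it is safe either way, but the assumption is worth confirming since the surrounding text is raw HTML.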
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index 83e05ebbc..dccc52efc 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -118,7 +118,7 @@ class TrackController < ApplicationController
if @user
@existing_track = TrackThing.find_existing(@user, @track_thing)
if @existing_track
- flash[:notice] = _("You are already following updates about {{track_description}}", :track_description => @track_thing.params[:list_description])
+ flash[:notice] = view_context.already_subscribed_notice(@track_thing)
return true
end
end
@@ -130,11 +130,7 @@ class TrackController < ApplicationController
@track_thing.track_medium = 'email_daily'
@track_thing.tracking_user_id = @user.id
@track_thing.save!
- if @user.receive_email_alerts
- flash[:notice] = _('You will now be emailed updates about {{track_description}}. <a href="{{change_email_alerts_url}}">Prefer not to receive emails?</a>', :track_description => @track_thing.params[:list_description], :change_email_alerts_url => url_for(:controller => "user", :action => "wall", :url_name => @user.url_name))
- else
- flash[:notice] = _('You are now <a href="{{wall_url_user}}">following</a> updates about {{track_description}}', :track_description => @track_thing.params[:list_description], :wall_url_user => url_for(:controller => "user", :action => "wall", :url_name => @user.url_name))
- end
+ flash[:notice] = render_to_string(:partial => 'track_set').html_safe
return true
end
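Review bot: `render_to_string(:partial => 'track_set').html_safe` marks the whole partial output as safe, so escaping of `@track_thing.params[:list_description]` (which the removed lines interpolated directly) now rests entirely on the partial; worth confirming it emits that field with `<%= %>` rather than `raw`. If `render_to_string` already returns an html-safe buffer in this Rails version, the explicit `.html_safe` is redundant and can be dropped.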
@@ -183,16 +179,8 @@ class TrackController < ApplicationController
new_medium = params[:track_medium]
if new_medium == 'delete'
track_thing.destroy
- flash[:notice] = _("You are no longer following {{track_description}}.", :track_description => track_thing.params[:list_description])
+ flash[:notice] = view_context.unsubscribe_notice(track_thing)
redirect_to URI.parse(params[:r]).path
-
- # Reuse code like this if we let medium change again.
- #elsif new_medium == 'email_daily'
- # track_thing.track_medium = new_medium
- # track_thing.created_at = Time.now() # as created_at is used to limit the alerts to start with
- # track_thing.save!
- # flash[:notice] = "You are now tracking " + track_thing.params[:list_description] + " by email daily"
- # redirect_to user_url(track_thing.tracking_user)
else
raise "new medium not handled " + new_medium
end
@@ -217,7 +205,6 @@ class TrackController < ApplicationController
for track_thing in TrackThing.find(:all, :conditions => [ "track_type = ? and tracking_user_id = ?", track_type, user_id ])
track_thing.destroy
end
- flash[:notice] += "</ul>"
redirect_to params[:r]
end
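Review bot: Removing `flash[:notice] += "</ul>"` only leaves balanced markup if the matching `<ul>` opener is no longer appended earlier in this action, which lies outside the hunk; worth checking that both ends were changed together. The unchanged `redirect_to params[:r]` context line redirects to an unvalidated parameter, whereas the earlier hunk in this file uses `URI.parse(params[:r]).path`; applying the same form here would be consistent and limits the redirect to a local path.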