Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/admin_request_controller.rb | 7 | ||||
-rw-r--r-- | app/controllers/api_controller.rb | 166 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/comment_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/general_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/public_body_change_requests_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/public_body_controller.rb | 88 | ||||
-rw-r--r-- | app/controllers/request_controller.rb | 16 | ||||
-rw-r--r-- | app/controllers/services_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/track_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 12 |
11 files changed, 204 insertions, 129 deletions
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index fc291d998..21120e4ad 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb @@ -100,7 +100,8 @@ class AdminRequestController < AdminController @info_request.fully_destroy # expire cached files expire_for_request(@info_request) - flash[:notice] = "Request #{url_title} has been completely destroyed. Email of user who made request: " + user.email + email = user.try(:email) ? user.email : 'This request is external so has no associated user' + flash[:notice] = "Request #{ url_title } has been completely destroyed. Email of user who made request: #{ email }" redirect_to admin_request_list_url end @@ -199,7 +200,7 @@ class AdminRequestController < AdminController end # Bejeeps, look, sometimes a URL is something that belongs in a controller, jesus. - # XXX hammer this square peg into the round MVC hole + # TODO: hammer this square peg into the round MVC hole post_redirect = PostRedirect.new( :uri => upload_response_url(:url_title => info_request.url_title), :user_id => user.id) @@ -253,7 +254,7 @@ class AdminRequestController < AdminController end info_request_event.described_state = 'waiting_clarification' info_request_event.calculated_state = 'waiting_clarification' - # XXX deliberately don't update described_at so doesn't reenter search? + # TODO: deliberately don't update described_at so doesn't reenter search? info_request_event.save! flash[:notice] = "Old response marked as having been a clarification" diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index e6b0c121a..6f83d89d6 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb 
@@ -1,5 +1,9 @@ class ApiController < ApplicationController before_filter :check_api_key + before_filter :check_external_request, + :only => [:add_correspondence, :update_state] + before_filter :check_request_ownership, + :only => [:add_correspondence, :update_state] def show_request @request = InfoRequest.find(params[:id]) @@ -9,16 +13,11 @@ class ApiController < ApplicationController :id => @request.id, :url => make_url("request", @request.url_title), :title => @request.title, - :created_at => @request.created_at, :updated_at => @request.updated_at, - :status => @request.calculate_status, - :public_body_url => make_url("body", @request.public_body.url_name), - :request_email => @request.incoming_email, - :request_text => @request.last_event_forming_initial_request.outgoing_message.body, } if @request.user @@ -73,35 +72,19 @@ class ApiController < ApplicationController 'url' => make_url("request", request.url_title), 'id' => request.id } - end def add_correspondence - request = InfoRequest.find_by_id(params[:id]) - if request.nil? - render :json => { "errors" => ["Could not find request #{params[:id]}"] }, :status => 404 - return - end - json = ActiveSupport::JSON.decode(params[:correspondence_json]) attachments = params[:attachments] direction = json["direction"] body = json["body"] sent_at = json["sent_at"] + new_state = params["state"] errors = [] - if !request.is_external? - render :json => { "errors" => ["Request #{params[:id]} cannot be updated using the API"] }, :status => 500 - return - end - - if request.public_body_id != @public_body.id - render :json => { "errors" => ["You do not own request #{params[:id]}"] }, :status => 500 - return - end - if !["request", "response"].include?(direction) errors << "The direction parameter must be 'request' or 'response'" end 
@@ -116,6 +99,10 @@ class ApiController < ApplicationController errors << "You cannot attach files to messages in the 'request' direction" end + if new_state && !InfoRequest.allowed_incoming_states.include?(new_state) + errors << "'#{new_state}' is not a valid request state" + end + if !errors.empty? render :json => { "errors" => errors }, :status => 500 return @@ -125,16 +112,16 @@ class ApiController < ApplicationController # In the 'request' direction, i.e. what we (Alaveteli) regard as outgoing outgoing_message = OutgoingMessage.new( - :info_request => request, + :info_request => @request, :status => 'ready', :message_type => 'followup', :body => body, :last_sent_at => sent_at, :what_doing => 'normal_sort' ) - request.outgoing_messages << outgoing_message - request.save! - request.log_event("followup_sent", + @request.outgoing_messages << outgoing_message + @request.save! + @request.log_event("followup_sent", :api => true, :email => nil, :outgoing_message_id => outgoing_message.id, 
@@ -154,12 +141,48 @@ class ApiController < ApplicationController ) end - mail = RequestMailer.external_response(request, body, sent_at, attachment_hashes) + mail = RequestMailer.external_response(@request, body, sent_at, attachment_hashes) + + @request.receive(mail, mail.encoded, true) - request.receive(mail, mail.encoded, true) + if new_state + # we've already checked above that the status is valid + # so no need to check a second time + event = @request.log_event("status_update", + { :script => "#{@public_body.name} via API", + :old_described_state => @request.described_state, + :described_state => new_state, + }) + @request.set_described_state(new_state) + end end render :json => { - 'url' => make_url("request", request.url_title), + 'url' => make_url("request", @request.url_title), + } + end + + def update_state + new_state = params["state"] + + if InfoRequest.allowed_incoming_states.include?(new_state) + ActiveRecord::Base.transaction do + event = @request.log_event("status_update", + { :script => "#{@public_body.name} on behalf of requester via API", + :old_described_state => @request.described_state, + :described_state => new_state, + }) + @request.set_described_state(new_state) + end + else + render :json => { + "errors" => ["'#{new_state}' is not a valid request state" ] + }, + :status => 500 + return + end + + render :json => { + 'url' => make_url("request", @request.url_title), } end 
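Review bot: In add_correspondence the new `log_event("status_update", …)` / `set_described_state(new_state)` pair runs outside any transaction, while the same pair in the new update_state is wrapped in `ActiveRecord::Base.transaction do`. If set_described_state raises after the event has been written, the event log would record a state change that did not take effect; wrapping the block the same way keeps the audit trail consistent. The `event =` assignment is unused in both places. update_state also answers an invalid `state` with `:status => 500`, although this is a client error and the same commit moves the ownership failures to 403; `:status => 400` would keep bad input out of server-error monitoring. add_correspondence starts outside this hunk.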
@@ -168,51 +191,48 @@ class ApiController < ApplicationController raise PermissionDenied.new("#{@public_body.id} != #{params[:id]}") if @public_body.id != params[:id].to_i since_date_str = params[:since_date] - if since_date_str.nil? - @events = InfoRequestEvent.find_by_sql([ - %(select info_request_events.* - from info_requests - join info_request_events on info_requests.id = info_request_events.info_request_id - where info_requests.public_body_id = ? - and info_request_events.event_type in ( - 'sent', 'followup_sent', 'resent', 'followup_resent' - ) - order by info_request_events.created_at desc - ), @public_body.id - ]) - else + since_event_id = params[:since_event_id] + + event_type_clause = "event_type in ('sent', 'followup_sent', 'resent', 'followup_resent')" + + @events = InfoRequestEvent.where(event_type_clause) \ + .joins(:info_request) \ + .where("public_body_id = ?", @public_body.id) \ + .includes([{:info_request => :user}, :outgoing_message]) \ + .order('info_request_events.created_at DESC') + + if since_date_str begin - since_date = Date.strptime(since_date_str, "%Y-%m-%d") + since_date = Date.strptime(since_date_str, "%Y-%m-%d") rescue ArgumentError - render :json => {"errors" => [ - "Parameter since_date must be in format yyyy-mm-dd (not '#{since_date_str}')" ] }, - :status => 500 - return + render :json => {"errors" => [ + "Parameter since_date must be in format yyyy-mm-dd (not '#{since_date_str}')" ] }, + :status => 500 + return end - @events = InfoRequestEvent.find_by_sql([ - %(select info_request_events.* - from info_requests - join info_request_events on info_requests.id = info_request_events.info_request_id - where info_requests.public_body_id = ? - and info_request_events.event_type in ( - 'sent', 'followup_sent', 'resent', 'followup_resent' - ) - and info_request_events.created_at >= ? 
- order by info_request_events.created_at desc - ), @public_body.id, since_date - ]) + @events = @events.where("info_request_events.created_at >= ?", since_date) + end + + # We take a "since" parameter that allows the client + # to restrict to events more recent than a certain other event + if since_event_id + begin + event = InfoRequestEvent.find(since_event_id) + rescue ActiveRecord::RecordNotFound + render :json => {"errors" => [ + "Event ID #{since_event_id} not found" ] }, + :status => 500 + return + end + @events = @events.where("info_request_events.created_at > ?", event.created_at) end + + if feed_type == "atom" render :template => "api/request_events", :formats => ['atom'], :layout => false elsif feed_type == "json" - # For the JSON feed, we take a "since" parameter that allows the client - # to restrict to events more recent than a certain other event - if params[:since_event_id] - @since_event_id = params[:since_event_id].to_i - end @event_data = [] @events.each do |event| - break if event.id == @since_event_id request = event.info_request this_event = { @@ -224,7 +244,6 @@ class ApiController < ApplicationController :request_email => request.incoming_email, :title => request.title, :body => event.outgoing_message.body, - :user_name => request.user_name, } if request.user 
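Review bot: `InfoRequestEvent.find(since_event_id)` looks the event up across all bodies rather than only those of `@public_body`, so the "Event ID … not found" error versus a normal response tells any API key holder whether an arbitrary event id exists, and the feed is then filtered on another body's `created_at`. Scoping the lookup to the caller, for example `InfoRequestEvent.joins(:info_request).where("public_body_id = ?", @public_body.id).find(since_event_id)`, closes that gap and still raises RecordNotFound for the existing rescue. The old code stopped at the matching id in the ordered list, whereas `created_at > ?` also drops other events that share the same timestamp; if that is intended it deserves a comment. The method starts above the hunk.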
@@ -246,6 +265,21 @@ class ApiController < ApplicationController raise PermissionDenied if @public_body.nil? end + def check_external_request + @request = InfoRequest.find_by_id(params[:id]) + if @request.nil? + render :json => { "errors" => ["Could not find request #{params[:id]}"] }, :status => 404 + elsif !@request.is_external? + render :json => { "errors" => ["Request #{params[:id]} cannot be updated using the API"] }, :status => 403 + end + end + + def check_request_ownership + if @request.public_body_id != @public_body.id + render :json => { "errors" => ["You do not own request #{params[:id]}"] }, :status => 403 + end + end + private def make_url(*args) "http://" + AlaveteliConfiguration::domain + "/" + args.join("/") diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 78a82316a..0c5f5bd02 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -278,10 +278,10 @@ class ApplicationController < ActionController::Base session[:post_redirect_token] = post_redirect.token - # XXX what is the built in Ruby URI munging function that can do this + # TODO: what is the built in Ruby URI munging function that can do this # choice of & vs. ? more elegantly than this dumb if statement? if uri.include?("?") - # XXX This looks odd. What would a fragment identifier be doing server-side? + # TODO: This looks odd. What would a fragment identifier be doing server-side? # But it also looks harmless, so I’ll leave it just in case. if uri.include?("#") uri.sub!("#", "&post_redirect=1#") diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb index 5e39c3a2c..2c0037577 100644 --- a/app/controllers/comment_controller.rb +++ b/app/controllers/comment_controller.rb 
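Review bot: `check_request_ownership` dereferences `@request.public_body_id` and so relies on `check_external_request` having run first and halted on a missing record; nothing in either method states that, and the dependency exists only through the order of the two `before_filter` lines in the first api_controller.rb hunk. A comment above it, e.g. `# Must run after check_external_request, which loads @request and halts if it is missing`, would protect the authorisation check from a later reordering. Both methods are added above the `private` keyword visible in this hunk; whether an earlier `protected` covers them cannot be seen here, and if it does not they are public controller methods and should move below `private`.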
@@ -21,7 +21,7 @@ class CommentController < ApplicationController end if params[:comment] - # XXX this check should theoretically be a validation rule in the model + # TODO: this check should theoretically be a validation rule in the model @existing_comment = Comment.find_existing(@info_request.id, params[:comment][:body]) else # Default to subscribing to request when first viewing form diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb index 6f0d29889..158492eb2 100644 --- a/app/controllers/general_controller.rb +++ b/app/controllers/general_controller.rb @@ -59,7 +59,7 @@ class GeneralController < ApplicationController # Actual search def search - # XXX Why is this so complicated with arrays and stuff? Look at the route + # TODO: Why is this so complicated with arrays and stuff? Look at the route # in config/routes.rb for comments. combined = params[:combined].split("/") @sortby = nil @@ -70,7 +70,7 @@ class GeneralController < ApplicationController else @advanced = false end - # XXX currently /described isn't linked to anywhere, just used in RSS and for /list/successful + # TODO: currently /described isn't linked to anywhere, just used in RSS and for /list/successful # This is because it's confusingly different from /newest - but still useful for power users. if combined.size > 0 && (['newest', 'described', 'relevant'].include?(combined[-1])) @sort_postfix = combined.pop @@ -124,7 +124,7 @@ class GeneralController < ApplicationController end end - # Query each type separately for separate display (XXX we are calling + # Query each type separately for separate display (TODO: we are calling # perform_search multiple times and it clobbers per_page for each one, # so set as separate var) requests_per_page = params[:requests_per_page] ? params[:requests_per_page].to_i : 25 
@@ -159,7 +159,7 @@ class GeneralController < ApplicationController end # Spelling and highight words are same for all three queries - @highlight_words = @request_for_spelling.words_to_highlight + @highlight_words = @request_for_spelling.words_to_highlight(:regex => true, :include_original => true) if !(@request_for_spelling.spelling_correction =~ /[a-z]+:/) @spelling_correction = @request_for_spelling.spelling_correction end @@ -178,7 +178,9 @@ class GeneralController < ApplicationController format.json { render :json => { :alaveteli_git_commit => alaveteli_git_commit, :alaveteli_version => ALAVETELI_VERSION, - :ruby_version => RUBY_VERSION + :ruby_version => RUBY_VERSION, + :visible_request_count => InfoRequest.visible.count, + :confirmed_user_count => User.where(:email_confirmed => true).count }} end end diff --git a/app/controllers/public_body_change_requests_controller.rb b/app/controllers/public_body_change_requests_controller.rb index 4a6c5f5cb..773308546 100644 --- a/app/controllers/public_body_change_requests_controller.rb +++ b/app/controllers/public_body_change_requests_controller.rb @@ -1,5 +1,7 @@ class PublicBodyChangeRequestsController < ApplicationController + before_filter :catch_spam, :only => [:create] + def create @change_request = PublicBodyChangeRequest.from_params(params[:public_body_change_request], @user) if @change_request.save @@ -23,6 +25,16 @@ class PublicBodyChangeRequestsController < ApplicationController else @title = _('Ask us to add an authority') end + end + + private + def catch_spam + if params[:public_body_change_request].key?(:comment) + unless params[:public_body_change_request][:comment].empty? + redirect_to frontpage_url + end + end end + end diff --git a/app/controllers/public_body_controller.rb b/app/controllers/public_body_controller.rb index 862f4b318..d2c84d820 100644 --- a/app/controllers/public_body_controller.rb +++ b/app/controllers/public_body_controller.rb 
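Review bot: `:visible_request_count` and `:confirmed_user_count` are added to the JSON version response, and nothing in this hunk shows the action being restricted, so if it is publicly reachable every hit now runs two `COUNT` queries and publishes the number of confirmed accounts. If the figures are meant to be public, a short comment saying so and a cached value, for example wrapping both counts in `Rails.cache.fetch` with an expiry, would bound the database cost. The enclosing action starts outside the hunk.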
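Review bot: `catch_spam` calls `.key?(:comment)` on `params[:public_body_change_request]` without checking that the parameter is present, so a POST to create that omits it raises NoMethodError inside the filter and returns a 500 instead of being handled. Guarding first avoids that: `change_request = params[:public_body_change_request] || {}` followed by `redirect_to frontpage_url unless change_request[:comment].to_s.empty?`. Nothing in the method says why a non-empty `comment` is rejected; if it is a honeypot field that real users never fill in, a one-line comment stating that would stop a later maintainer from removing the check.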
@@ -5,12 +5,11 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: hello@mysociety.org; WWW: http://www.mysociety.org/ -require 'fastercsv' require 'confidence_intervals' require 'tempfile' class PublicBodyController < ApplicationController - # XXX tidy this up with better error messages, and a more standard infrastructure for the redirect to canonical URL + # TODO: tidy this up with better error messages, and a more standard infrastructure for the redirect to canonical URL def show long_cache if MySociety::Format.simplify_url_part(params[:url_name], 'body') != params[:url_name] @@ -43,7 +42,7 @@ class PublicBodyController < ApplicationController query = InfoRequestEvent.make_query_from_params(params.merge(:latest_status => @view)) query += " requested_from:#{@public_body.url_name}" # Use search query for this so can collapse and paginate easily - # XXX really should just use SQL query here rather than Xapian. + # TODO: really should just use SQL query here rather than Xapian. sortby = "described" begin @xapian_requests = perform_search([InfoRequestEvent], query, sortby, 'request_collapse') @@ -86,7 +85,7 @@ class PublicBodyController < ApplicationController def list long_cache - # XXX move some of these tag SQL queries into has_tag_string.rb + # TODO: move some of these tag SQL queries into has_tag_string.rb like_query = params[:public_body_query] like_query = "" if like_query.nil? 
@@ -109,17 +108,17 @@ class PublicBodyController < ApplicationController # Restrict the public bodies shown according to the tag # parameter supplied in the URL: - if @tag.nil? or @tag == "all" - @tag = "all" + if @tag.nil? || @tag == 'all' + @tag = 'all' elsif @tag == 'other' - category_list = PublicBodyCategories::get().tags().map{|c| "'"+c+"'"}.join(",") + category_list = PublicBodyCategories.get.tags.map{ |c| %Q('#{ c }') }.join(",") where_condition += base_tag_condition + " AND has_tag_string_tags.name in (#{category_list})) = 0" elsif @tag.scan(/./mu).size == 1 - @tag = Unicode.upcase @tag + @tag = Unicode.upcase(@tag) # The first letter queries have to be done on # translations, so just indicate to add that later: first_letter = true - elsif @tag.include?(":") + elsif @tag.include?(':') name, value = HasTagString::HasTagStringTag.split_tag_into_name_value(@tag) where_condition += base_tag_condition + " AND has_tag_string_tags.name = ? AND has_tag_string_tags.value = ?) > 0" where_parameters.concat [name, value] @@ -128,16 +127,16 @@ class PublicBodyController < ApplicationController where_parameters.concat [@tag] end - if @tag == "all" - @description = "" + if @tag == 'all' + @description = '' elsif @tag.size == 1 - @description = _("beginning with ‘{{first_letter}}’", :first_letter=>@tag) + @description = _("beginning with ‘{{first_letter}}’", :first_letter => @tag) else - category_name = PublicBodyCategories::get().by_tag()[@tag] + category_name = PublicBodyCategories.get.by_tag[@tag] if category_name.nil? - @description = _("matching the tag ‘{{tag_name}}’", :tag_name=>@tag) + @description = _("matching the tag ‘{{tag_name}}’", :tag_name => @tag) else - @description = _("in the category ‘{{category_name}}’", :category_name=>category_name) + @description = _("in the category ‘{{category_name}}’", :category_name => category_name) end end 
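Review bot: `category_list` is still spliced into the SQL text as `in (#{category_list})` with hand-written quotes (`%Q('#{ c }')`), so a category tag containing a single quote would break or alter the statement. The tags appear to come from `PublicBodyCategories` rather than from the request, which limits the exposure, but the other branches of this method already bind their values with `?`. Quoting through the adapter, `PublicBodyCategories.get.tags.map { |c| PublicBody.connection.quote(c) }.join(",")`, keeps the query shape and removes the manual quoting. The `list` method starts and ends outside this hunk.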
@@ -151,15 +150,15 @@ class PublicBodyController < ApplicationController FROM public_bodies LEFT OUTER JOIN public_body_translations as current_locale ON (public_bodies.id = current_locale.public_body_id - AND current_locale.locale = ? AND #{get_public_body_list_translated_condition 'current_locale', first_letter}) + AND current_locale.locale = ? AND #{ get_public_body_list_translated_condition('current_locale', first_letter) }) LEFT OUTER JOIN public_body_translations as default_locale ON (public_bodies.id = default_locale.public_body_id - AND default_locale.locale = ? AND #{get_public_body_list_translated_condition 'default_locale', first_letter}) - WHERE #{where_condition} AND COALESCE(current_locale.name, default_locale.name) IS NOT NULL + AND default_locale.locale = ? AND #{ get_public_body_list_translated_condition('default_locale', first_letter) }) + WHERE #{ where_condition } AND COALESCE(current_locale.name, default_locale.name) IS NOT NULL ORDER BY display_name} - sql = [query, underscore_locale, like_query, like_query] + sql = [query, underscore_locale, like_query, like_query, like_query] sql.push @tag if first_letter - sql += [underscore_default_locale, like_query, like_query] + sql += [underscore_default_locale, like_query, like_query, like_query] sql.push @tag if first_letter sql += where_parameters @public_bodies = PublicBody.paginate_by_sql( 
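Review bot: The three `like_query` binds per join here have to match, by position and count, the three `?` placeholders that `get_public_body_list_translated_condition` now emits (changed in the last public_body_controller.rb hunk); the `where_sql` array in the next hunk has the same coupling. A mismatch would either raise a bind-count error or shift `@tag` and the locale values into the wrong placeholder. A comment on the helper such as `# Emits three LIKE placeholders (name, notes, short_name), then one for first_letter when requested` would make that contract visible to its callers; the rest of the helper's body is outside the hunk, so any further placeholders it adds should be listed there too.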
@@ -170,17 +169,17 @@ class PublicBodyController < ApplicationController # The simpler case where we're just searching in the current locale: where_condition = get_public_body_list_translated_condition('public_body_translations', first_letter, true) + ' AND ' + where_condition - where_sql = [where_condition, like_query, like_query] + where_sql = [where_condition, like_query, like_query, like_query] where_sql.push @tag if first_letter where_sql += [underscore_locale] + where_parameters - @public_bodies = PublicBody.where(where_sql) \ - .joins(:translations) \ - .order("public_body_translations.name") \ - .paginate(:page => params[:page], :per_page => 100) + @public_bodies = PublicBody.where(where_sql). + joins(:translations). + order("public_body_translations.name"). + paginate(:page => params[:page], :per_page => 100) end respond_to do |format| - format.html { render :template => "public_body/list" } + format.html { render :template => 'public_body/list' } end end end @@ -191,6 +190,9 @@ class PublicBodyController < ApplicationController redirect_to list_public_bodies_url(:tag => @tag) end + # GET /body/all-authorities.csv + # + # Returns all public bodies (except for the internal admin authority) as CSV def list_all_csv # FIXME: this is just using the download directory for zip # archives, since we know that is allowed for X-Sendfile and 
@@ -198,21 +200,29 @@ class PublicBodyController < ApplicationController # used for the zips. However, really there should be a # generically named downloads directory that contains all # kinds of downloadable assets. - download_directory = File.join(InfoRequest.download_zip_dir(), - 'download') - FileUtils.mkdir_p download_directory + download_directory = File.join(InfoRequest.download_zip_dir, 'download') + FileUtils.mkdir_p(download_directory) output_leafname = 'all-authorities.csv' - output_filename = File.join download_directory, output_leafname + output_filename = File.join(download_directory, output_leafname) # Create a temporary file in the same directory, so we can # rename it atomically to the intended filename: - tmp = Tempfile.new output_leafname, download_directory + tmp = Tempfile.new(output_leafname, download_directory) tmp.close - # Export all the public bodies to that temporary path and make - # it readable: - PublicBody.export_csv tmp.path - FileUtils.chmod 0644, tmp.path - # Rename into place and send the file: - File.rename tmp.path, output_filename + + # Create the CSV + csv = PublicBodyCSV.new + PublicBody.visible.find_each(:include => [:translations, :tags]) do |public_body| + next if public_body.site_administration? + csv << public_body + end + + # Export all the public bodies to that temporary path, make it readable, + # and rename it + File.open(tmp.path, 'w') { |file| file.write(csv.generate) } + FileUtils.chmod(0644, tmp.path) + File.rename(tmp.path, output_filename) + + # Send the file send_file(output_filename, :type => 'text/csv; charset=utf-8; header=present', :filename => 'all-authorities.csv', 
@@ -344,9 +354,11 @@ class PublicBodyController < ApplicationController end private + def get_public_body_list_translated_condition(table, first_letter=false, locale=nil) result = "(upper(#{table}.name) LIKE upper(?)" \ - " OR upper(#{table}.notes) LIKE upper (?))" + " OR upper(#{table}.notes) LIKE upper(?)" \ + " OR upper(#{table}.short_name) LIKE upper(?))" if first_letter result += " AND #{table}.first_letter = ?" end diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index d66c28275..3fa0ef0ce 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -181,7 +181,7 @@ class RequestController < ApplicationController end @filters = params.merge(:latest_status => @view) - @title = _("View and search requests") + @title = _('Browse and search requests') @title = @title + " (page " + @page.to_s + ")" if (@page > 1) @track_thing = TrackThing.create_track_for_search_query(InfoRequestEvent.make_query_from_params(@filters)) @@ -303,8 +303,14 @@ class RequestController < ApplicationController return render_new_compose(batch=false) end + # Check we have :public_body_id - spammers seem to be using :public_body + # erroneously instead + if params[:info_request][:public_body_id].blank? + redirect_to frontpage_path and return + end + # See if the exact same request has already been submitted - # XXX this check should theoretically be a validation rule in the + # TODO: this check should theoretically be a validation rule in the # model, except we really want to pass @existing_request to the view so # it can link to it. @existing_request = InfoRequest.find_existing(params[:info_request][:title], params[:info_request][:public_body_id], params[:outgoing_message][:body]) 
@@ -359,7 +365,7 @@ class RequestController < ApplicationController end # This automatically saves dependent objects, such as @outgoing_message, in the same transaction @info_request.save! - # XXX send_message needs the database id, so we send after saving, which isn't ideal if the request broke here. + # TODO: send_message needs the database id, so we send after saving, which isn't ideal if the request broke here. @outgoing_message.send_message flash[:notice] = _("<p>Your {{law_used_full}} request has been <strong>sent on its way</strong>!</p> <p><strong>We will email you</strong> when there is a response, or after {{late_number_of_days}} working days if the authority still hasn't @@ -537,7 +543,7 @@ class RequestController < ApplicationController elsif @info_request_event.is_outgoing_message? redirect_to outgoing_message_url(@info_request_event.outgoing_message), :status => :moved_permanently else - # XXX maybe there are better URLs for some events than this + # TODO: maybe there are better URLs for some events than this redirect_to request_url(@info_request_event.info_request), :status => :moved_permanently end end @@ -1006,7 +1012,7 @@ class RequestController < ApplicationController params[:info_request][:public_body] = PublicBody.find(params[:url_name]) else public_body = PublicBody.find_by_url_name_with_historic(params[:url_name]) - raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # XXX proper 404 + raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # TODO: proper 404 params[:info_request][:public_body] = public_body end elsif params[:public_body_id] diff --git a/app/controllers/services_controller.rb b/app/controllers/services_controller.rb index 97c47c448..dc4f783a6 100644 --- a/app/controllers/services_controller.rb +++ b/app/controllers/services_controller.rb 
@@ -31,7 +31,7 @@ class ServicesController < ApplicationController FastGettext.locale = old_fgt_locale end end - render :text => text, :content_type => "text/plain" # XXX workaround the HTML validation in test suite + render :text => text, :content_type => "text/plain" # TODO: workaround the HTML validation in test suite end def hidden_user_explanation diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb index dccc52efc..83700a55b 100644 --- a/app/controllers/track_controller.rb +++ b/app/controllers/track_controller.rb @@ -82,7 +82,7 @@ class TrackController < ApplicationController def track_search_query @query = params[:query_array] - # XXX more hackery to make alternate formats still work with query_array + # TODO: more hackery to make alternate formats still work with query_array if /^(.*)\.json$/.match(@query) @query = $1 params[:format] = "json" @@ -154,7 +154,15 @@ class TrackController < ApplicationController request.format = 'xml' unless params[:format] respond_to do |format| format.json { render :json => @xapian_object.results.map { |r| r[:model].json_for_api(true, - lambda { |t| view_context.highlight_and_excerpt(t, @xapian_object.words_to_highlight, 150) } + lambda do |t| + view_context.highlight_and_excerpt( + t, + @xapian_object.words_to_highlight( + :regex => true, + :include_original => true), + 150 + ) + end ) } } format.any { render :template => 'track/atom_feed', :formats => ['atom'], diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 8d6522923..fcc500e06 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb 
@@ -46,7 +46,7 @@ class UserController < ApplicationController @is_you = !@user.nil? && @user.id == @display_user.id # Use search query for this so can collapse and paginate easily - # XXX really should just use SQL query here rather than Xapian. + # TODO: really should just use SQL query here rather than Xapian. if @show_requests begin requests_query = 'requested_by:' + @display_user.url_name @@ -102,11 +102,11 @@ class UserController < ApplicationController @is_you = !@user.nil? && @user.id == @display_user.id feed_results = Set.new # Use search query for this so can collapse and paginate easily - # XXX really should just use SQL query here rather than Xapian. + # TODO: really should just use SQL query here rather than Xapian. begin requests_query = 'requested_by:' + @display_user.url_name comments_query = 'commented_by:' + @display_user.url_name - # XXX combine these as OR query + # TODO: combine these as OR query @xapian_requests = perform_search([InfoRequestEvent], requests_query, 'newest', 'request_collapse') @xapian_comments = perform_search([InfoRequestEvent], comments_query, 'newest', nil) rescue @@ -121,7 +121,7 @@ class UserController < ApplicationController if @is_you @track_things = TrackThing.find(:all, :conditions => ["tracking_user_id = ? and track_medium = ?", @display_user.id, 'email_daily'], :order => 'created_at desc') for track_thing in @track_things - # XXX factor out of track_mailer.rb + # TODO: factor out of track_mailer.rb xapian_object = ActsAsXapian::Search.new([InfoRequestEvent], track_thing.track_query, :sort_by_prefix => 'described_at', :sort_by_ascending => true, 
@@ -262,7 +262,7 @@ class UserController < ApplicationController end end - # Change password (XXX and perhaps later email) - requires email authentication + # Change password (TODO: and perhaps later email) - requires email authentication def signchangepassword if @user and ((not session[:user_circumstance]) or (session[:user_circumstance] != "change_password")) # Not logged in via email, so send confirmation @@ -288,7 +288,7 @@ class UserController < ApplicationController :reason_params => { :web => "", :email => _("Then you can change your password on {{site_name}}",:site_name=>site_name), - :email_subject => _("Change your password {{site_name}}",:site_name=>site_name) + :email_subject => _("Change your password on {{site_name}}",:site_name=>site_name) }, :circumstance => "change_password" # special login that lets you change your password ) |