Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/admin_public_body_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 41 | ||||
-rw-r--r-- | app/controllers/help_controller.rb | 8 | ||||
-rw-r--r-- | app/controllers/public_body_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/request_controller.rb | 35 | ||||
-rw-r--r-- | app/controllers/track_controller.rb | 9 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 6 |
7 files changed, 73 insertions, 40 deletions
diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb
index e249cef11..0c24d47c1 100644
--- a/app/controllers/admin_public_body_controller.rb
+++ b/app/controllers/admin_public_body_controller.rb
@@ -31,8 +31,8 @@ class AdminPublicBodyController < AdminController
 lower(public_body_translations.short_name) like lower('%'||?||'%') or
 lower(public_body_translations.request_email) like lower('%'||?||'%' )) AND (public_body_translations.locale = '#{@locale}')", @query, @query, @query],
 :joins => :translations
- @public_bodies_by_tag = PublicBody::Translation.find_by_tag(@query)
 end
+ @public_bodies_by_tag = PublicBody.find_by_tag(@query)
 end
 def list
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b7457c48e..7aa522389 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,10 +11,15 @@ require 'open-uri'
 class ApplicationController < ActionController::Base
+ class PermissionDenied < StandardError
+ end
 # Standard headers, footers and navigation for whole site
 layout "default"
 include FastGettext::Translation # make functions like _, n_, N_ etc available)
-
+
+ # Send notification email on exceptions
+ include ExceptionNotification::Notifiable
+
 # Note: a filter stops the chain if it redirects or renders something
 before_filter :authentication_check
 before_filter :set_gettext_locale
@@ -117,8 +122,11 @@ class ApplicationController < ActionController::Base
 case exception
 when ActiveRecord::RecordNotFound, ActionController::UnknownAction, ActionController::RoutingError
 @status = 404
+ when PermissionDenied
+ @status = 403
 else
 @status = 500
+ notify_about_exception exception
 end
 # Display user appropriate error message
 @exception_backtrace = exception.backtrace.join("\n")
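Review bot: The `public_body_translations.locale = '#{@locale}'` clause in the context line just above the moved `find_by_tag` call is built by string interpolation, while the `@query` terms on the same line use bind placeholders; if `@locale` is derived from request parameters (it is assigned outside this hunk, so I cannot confirm), that is a SQL injection point the commit leaves in place. Make it a bind parameter like the others: `... AND (public_body_translations.locale = ?)", @query, @query, @query, @locale]`. The enclosing method starts before the hunk, so the origin of `@locale` and `@query` is not visible here.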
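Review bot: The new `PermissionDenied` class carries no comment saying what raising it achieves, and the only thing that gives it meaning is the exception handler further down this file that maps it to a 403. Add `# Raise from a controller to answer 403 Forbidden; mapped to a status in the exception handler below` above the class line. Ruby convention also gives exception classes an `Error` suffix (`PermissionDeniedError`), though the name is already referenced from request_controller in this same commit, so a rename would touch both files.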
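Review bot: `@exception_backtrace = exception.backtrace.join("\n")` (the last context line) is populated for the new 403 path exactly as for 404 and 500, so whatever error template reads it will show a server stack trace to anonymous visitors unless the template itself gates on environment, which I cannot see from here. Gate it in the controller instead, e.g. `@exception_backtrace = exception.backtrace.join("\n") if RAILS_ENV == 'development'`, using whichever environment predicate this app already relies on. The 403 branch is deliberately kept out of `notify_about_exception`, which is right for an expected client-side condition, but a one-line comment such as `# only genuine server faults are mailed out` would record that intent.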
@@ -185,7 +193,7 @@ class ApplicationController < ActionController::Base
 return File.exists?(key_path)
 end
 def foi_fragment_cache_read(key_path)
- cached = File.read(key_path)
+ return File.read(key_path)
 end
 def foi_fragment_cache_write(key_path, content)
 FileUtils.mkdir_p(File.dirname(key_path))
@@ -357,18 +365,39 @@ class ApplicationController < ActionController::Base
 def get_search_page_from_params
 return (params[:page] || "1").to_i
 end
+ def perform_search_typeahead(query, model)
+ # strip out unintended search operators - see
+ # https://github.com/sebbacon/alaveteli/issues/328
+ # XXX this is a result of the OR hack below -- should fix by
+ # allowing a parameter to perform_search to control the
+ # default operator!
+ query = query.strip.gsub(/(\s-\s|&)/, "")
+ query = query.split(/ +(?![-+]+)/)
+ if query.last.nil? || query.last.strip.length < 3
+ xapian_requests = nil
+ else
+ query = query.join(' OR ') # XXX: HACK for OR instead of default AND!
+ if model == PublicBody
+ collapse = nil
+ elsif model == InfoRequestEvent
+ collapse = 'request_collapse'
+ end
+ xapian_requests = perform_search([model], query, 'relevant', collapse, 5)
+ end
+ return xapian_requests
+ end
 # Store last visited pages, for contact form; but only for logged in users, as otherwise this breaks caching
 def set_last_request(info_request)
 if !session[:user_id].nil?
- session[:last_request_id] = info_request.id
- session[:last_body_id] = nil
+ cookies["last_request_id"] = info_request.id
+ cookies["last_body_id"] = nil
 end
 end
 def set_last_body(public_body)
 if !session[:user_id].nil?
- session[:last_request_id] = nil
- session[:last_body_id] = public_body.id
+ cookies["last_request_id"] = nil
+ cookies["last_body_id"] = public_body.id
 end
 end
diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb
index c6d246b4c..9b00846ee 100644
--- a/app/controllers/help_controller.rb
+++ b/app/controllers/help_controller.rb
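Review bot: `foi_fragment_cache_read` has no documentation, and its one-line body hides a contract: `File.read` raises `Errno::ENOENT` when the fragment is absent, so callers must run the `File.exists?` check in the method just above it first. Add above the `def`: `# Returns the raw contents of the cached fragment at key_path; raises Errno::ENOENT if no fragment exists there, so callers check existence first.` Whether `key_path` can ever be influenced by request input is not visible from this hunk; if it can, the path should be confined to the cache root before either method touches the filesystem.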
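Review bot: `query.strip` on the first line of `perform_search_typeahead` raises NoMethodError when `query` is nil, and two of the three call sites this commit wires up pass `params[:q]` or `params[:query]` through without a nil check, so a request missing the parameter becomes a 500 that is then mailed out by `notify_about_exception`. Coerce at the top of the helper: `query = query.to_s.strip.gsub(/(\s-\s|&)/, "")`, which sends the empty case into the existing `query.last.nil?` branch and returns nil. The `collapse` local is assigned only in the two `model` branches; it is still nil for any other model because Ruby creates the local at parse time, but an explicit `collapse = nil` before the `if`, or a comment, would make that intent clear rather than incidental.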
@@ -26,18 +26,18 @@ class HelpController < ApplicationController
 # if they clicked remove for link to request/body, remove it
 if params[:remove]
 @last_request = nil
- session[:last_request_id] = nil
- session[:last_body_id] = nil
+ cookies["last_request_id"] = nil
+ cookies["last_body_id"] = nil
 end
 # look up link to request/body
- @last_request_id = session[:last_request_id].to_i
+ @last_request_id = cookies["last_request_id"].to_i
 if @last_request_id > 0
 @last_request = InfoRequest.find(@last_request_id)
 else
 @last_request = nil
 end
- @last_body_id = session[:last_body_id].to_i
+ @last_body_id = cookies["last_body_id"].to_i
 if @last_body_id > 0
 @last_body = PublicBody.find(@last_body_id)
 else
diff --git a/app/controllers/public_body_controller.rb b/app/controllers/public_body_controller.rb
index 62229a441..659433c9e 100644
--- a/app/controllers/public_body_controller.rb
+++ b/app/controllers/public_body_controller.rb
@@ -129,7 +129,7 @@ class PublicBodyController < ApplicationController
 end
 PublicBody.with_locale(@locale) do
 @public_bodies = PublicBody.paginate(
- :order => "public_body_translations.name", :page => params[:page], :per_page => 1000, # fit all councils on one page
+ :order => "public_body_translations.name", :page => params[:page], :per_page => 100,
 :conditions => conditions, :joins => :translations
 )
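Review bot: `cookies["last_request_id"]` and `cookies["last_body_id"]` are plain, unsigned cookies, so after this change the ids handed to `InfoRequest.find` and `PublicBody.find` are chosen by the client rather than held in the server-side session, and `find` raises RecordNotFound (a 404 for the whole help page) on any stale or fabricated id. Use `find_by_id` so a bad cookie degrades to "no last request", and apply the same visibility check RequestController uses before exposing the record: `@last_request = InfoRequest.find_by_id(@last_request_id)` followed by `@last_request = nil if @last_request && !@last_request.user_can_view?(authenticated_user)`. What the contact form renders from `@last_request` is not visible here, so treat the visibility check as defence in depth; the same applies to the `PublicBody.find` branch. The enclosing action starts before and ends after the hunk.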
@@ -185,14 +185,8 @@ class PublicBodyController < ApplicationController
 def search_typeahead
 # Since acts_as_xapian doesn't support the Partial match flag, we work around it
 # by making the last work a wildcard, which is quite the same
- query = params[:q]
- query = query.split(' ')
- if query.last.nil? || query.last.strip.length < 3
- @xapian_requests = nil
- else
- query = query.join(' OR ') # XXX: HACK for OR instead of default AND!
- @xapian_requests = perform_search([PublicBody], query, 'relevant', nil, 5)
- end
+ query = params[:query]
+ @xapian_requests = perform_search_typeahead(query, PublicBody)
 render :partial => "public_body/search_ahead"
 end
 end
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 8672fdf75..99aa3c7ea 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -37,8 +37,7 @@ class RequestController < ApplicationController
 end
 if !params[:query].nil?
 query = params[:query]
- query = query.split(' ').join(' OR ') # XXX: HACK for OR instead of default AND!
- @xapian_requests = perform_search([PublicBody], query, 'relevant', nil, 5)
+ @xapian_requests = perform_search_typeahead(query, PublicBody)
 end
 medium_cache
 end
@@ -118,11 +117,14 @@ class RequestController < ApplicationController
 def details
 long_cache
 @info_request = InfoRequest.find_by_url_title(params[:url_title])
- if !@info_request.user_can_view?(authenticated_user)
- render :template => 'request/hidden', :status => 410 # gone
- return
+ if @info_request.nil?
+ raise ActiveRecord::RecordNotFound.new("Request not found")
+ else
+ if !@info_request.user_can_view?(authenticated_user)
+ render :template => 'request/hidden', :status => 410 # gone
+ return
+ end
 end
-
 @columns = ['id', 'event_type', 'created_at', 'described_state', 'last_described_at', 'calculated_state' ]
 end
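Review bot: `query = params[:query]` is handed to `perform_search_typeahead` with no nil check, and that helper begins with `query.strip`, so any request without a `query` parameter — including clients still sending the old `q` name this line renames away from — raises NoMethodError and answers 500. The other typeahead action in this commit (RequestController, further down) still reads `params[:q]`, so the two endpoints now disagree on the parameter name; either rename both or keep `q` here. Minimal fix for the crash: `query = params[:query].to_s`, which makes the helper's empty-query branch return nil and the partial render with no results.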
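Review bot: The new nil/visibility logic in `details` nests a second `if` inside the `else` branch, where two guard clauses read more directly and avoid the extra indentation: `raise ActiveRecord::RecordNotFound, "Request not found" if @info_request.nil?` followed by `return render(:template => 'request/hidden', :status => 410) unless @info_request.user_can_view?(authenticated_user)`. `raise Klass, msg` is also the idiomatic form over `raise Klass.new(msg)`. Note that `long_cache` (context line) runs before either check; if it sets public cache headers, the hidden/410 response could be cached by intermediaries, which is worth confirming since `long_cache` is defined elsewhere.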
@@ -600,9 +602,13 @@ class RequestController < ApplicationController
 before_filter :authenticate_attachment, :only => [ :get_attachment, :get_attachment_as_html ]
 def authenticate_attachment
 # Test for hidden
- incoming_message = IncomingMessage.find(params[:incoming_message_id])
- if !incoming_message.info_request.user_can_view?(authenticated_user)
- render :template => 'request/hidden', :status => 410 # gone
+ if request.path =~ /\/$/
+ raise PermissionDenied.new("Directory listing not allowed")
+ else
+ incoming_message = IncomingMessage.find(params[:incoming_message_id])
+ if !incoming_message.info_request.user_can_view?(authenticated_user)
+ render :template => 'request/hidden', :status => 410 # gone
+ end
 end
 end
@@ -755,13 +761,7 @@ class RequestController < ApplicationController
 # Since acts_as_xapian doesn't support the Partial match flag, we work around it
 # by making the last work a wildcard, which is quite the same
 query = params[:q]
- query = query.split(' ')
- if query.last.nil? || query.last.strip.length < 3
- @xapian_requests = nil
- else
- query = query.join(' OR ') # XXX: HACK for OR instead of default AND!
- @xapian_requests = perform_search([InfoRequestEvent], query, 'relevant', 'request_collapse', 5)
- end
+ @xapian_requests = perform_search_typeahead(query, InfoRequestEvent)
 render :partial => "request/search_ahead.rhtml"
 end
@@ -814,7 +814,8 @@ class RequestController < ApplicationController
 for message in info_request.incoming_messages
 attachments = message.get_attachments_for_display
 for attachment in attachments
- zipfile.get_output_stream(attachment.display_filename) { |f|
+ filename = "#{attachment.url_part_number}_#{attachment.display_filename}"
+ zipfile.get_output_stream(filename) { |f|
 f.puts(attachment.body)
 }
 end
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index e06701a5f..e39a0489d 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
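Review bot: The trailing-slash test `request.path =~ /\/$/` uses `$`, which in Ruby matches before a newline as well as at the end of the string; `\z` is the unambiguous end-of-string anchor, and the existing `# Test for hidden` comment now describes only the `else` branch. Write the new check as a guard so the visibility test stays at the top level: `raise PermissionDenied.new("Directory listing not allowed") if request.path =~ /\/\z/`, and move `# Test for hidden` down to the `incoming_message` lookup. A comment on why a `/`-terminated attachment URL must be refused would help the next reader, since what such a path would otherwise resolve to is not visible in this hunk.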
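Review bot: `query = params[:q]` (context line) now flows straight into `perform_search_typeahead`, whose first statement is `query.strip`, so a request without `q` raises NoMethodError; the removed code would also have failed on `nil.split`, so the commit keeps rather than fixes that. The sibling typeahead in PublicBodyController is switched to `params[:query]` in this same commit, so the two actions now take different parameter names. Coerce here too, `query = params[:q].to_s`, or rename to `:query` to match. The enclosing action starts before the hunk.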
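Review bot: `f.puts(attachment.body)` (context line, now writing under the new prefixed `filename`) appends a newline whenever the body does not already end in one, which corrupts binary attachments such as PDFs or images inside the zip; `f.write(attachment.body)` preserves the bytes, assuming the zip stream behaves like a normal IO here, which I cannot confirm from this hunk. Separately, `display_filename` is used verbatim in the entry name; if it can contain `/` or `..` (not visible here), a crafted attachment name yields path entries that some extractors write outside the target directory, so wrapping it in `File.basename` before building `filename` is cheap insurance. The `for` loops predate the commit, but `each` is the idiomatic form.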
@@ -46,7 +46,14 @@ class TrackController < ApplicationController
 # Track all updates to a particular public body
 def track_public_body
- @public_body = PublicBody.find_by_url_name(params[:url_name])
+ @public_body = PublicBody.find_by_url_name_with_historic(params[:url_name])
+ raise ActiveRecord::RecordNotFound.new("None found") if @public_body.nil?
+ # If found by historic name, or alternate locale name, redirect to new name
+ if @public_body.url_name != params[:url_name]
+ redirect_to track_public_body_url(:url_name => @public_body.url_name, :feed => params[:feed])
+ return
+ end
+
 @track_thing = TrackThing.create_track_for_public_body(@public_body)
 return atom_feed_internal if params[:feed] == 'feed'
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index fc29a847c..45b71a3a9 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -116,8 +116,10 @@ class UserController < ApplicationController
 render :action => 'sign'
 return
 else
- @user_signin = User.authenticate_from_form(params[:user_signin], @post_redirect.reason_params[:user_name] ? true : false)
- if @user_signin.errors.size > 0
+ if !@post_redirect.nil?
+ @user_signin = User.authenticate_from_form(params[:user_signin], @post_redirect.reason_params[:user_name] ? true : false)
+ end
+ if @post_redirect.nil? || @user_signin.errors.size > 0
 # Failed to authenticate
 render :action => 'sign'
 return |
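Review bot: The redirect added for historic or alternate-locale names uses `redirect_to` with its default 302, which tells feed readers and crawlers that the old `url_name` is still canonical, so they keep fetching it and following the redirect every time. Because a `url_name` mismatch means the body has been renamed, a permanent redirect is the right signal: `redirect_to track_public_body_url(:url_name => @public_body.url_name, :feed => params[:feed]), :status => 301` (confirm the `:status` option is supported by the Rails version in use). `raise ActiveRecord::RecordNotFound, "None found" if @public_body.nil?` is the idiomatic raise form. The action's body continues past the hunk.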
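Review bot: The nil case for `@post_redirect` is now tested twice in succession (`if !@post_redirect.nil?` and then `if @post_redirect.nil? || ...`), and understanding the second test requires noticing that `@user_signin` is never assigned when the first one fails; a guard clause that renders `sign` and returns when `@post_redirect` is nil, followed by the unchanged authentication and error check, states the same thing in one pass. Whether the `sign` template tolerates a nil `@post_redirect` is not visible here, so that case deserves a comment either way. The enclosing action starts before and ends after the hunk.
```ruby
            if @post_redirect.nil?
                # no pending redirect to attach this sign-in to: show the form again
                render :action => 'sign'
                return
            end
            @user_signin = User.authenticate_from_form(params[:user_signin], @post_redirect.reason_params[:user_name] ? true : false)
            if @user_signin.errors.size > 0
                # … unchanged: failed-authentication render and return …
```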