Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin_request_controller.rb4
-rw-r--r--app/controllers/application_controller.rb4
-rw-r--r--app/controllers/comment_controller.rb2
-rw-r--r--app/controllers/general_controller.rb12
-rw-r--r--app/controllers/public_body_controller.rb88
-rw-r--r--app/controllers/request_controller.rb14
-rw-r--r--app/controllers/services_controller.rb2
-rw-r--r--app/controllers/track_controller.rb12
-rw-r--r--app/controllers/user_controller.rb12
9 files changed, 89 insertions, 61 deletions
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb
index fc291d998..5c45a6e6e 100644
--- a/app/controllers/admin_request_controller.rb
+++ b/app/controllers/admin_request_controller.rb
@@ -199,7 +199,7 @@ class AdminRequestController < AdminController
end
# Bejeeps, look, sometimes a URL is something that belongs in a controller, jesus.
- # XXX hammer this square peg into the round MVC hole
+ # TODO: hammer this square peg into the round MVC hole
post_redirect = PostRedirect.new(
:uri => upload_response_url(:url_title => info_request.url_title),
:user_id => user.id)
@@ -253,7 +253,7 @@ class AdminRequestController < AdminController
end
info_request_event.described_state = 'waiting_clarification'
info_request_event.calculated_state = 'waiting_clarification'
- # XXX deliberately don't update described_at so doesn't reenter search?
+ # TODO: deliberately don't update described_at so doesn't reenter search?
info_request_event.save!
flash[:notice] = "Old response marked as having been a clarification"
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 78a82316a..0c5f5bd02 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -278,10 +278,10 @@ class ApplicationController < ActionController::Base
session[:post_redirect_token] = post_redirect.token
- # XXX what is the built in Ruby URI munging function that can do this
+ # TODO: what is the built in Ruby URI munging function that can do this
# choice of & vs. ? more elegantly than this dumb if statement?
if uri.include?("?")
- # XXX This looks odd. What would a fragment identifier be doing server-side?
+ # TODO: This looks odd. What would a fragment identifier be doing server-side?
# But it also looks harmless, so I’ll leave it just in case.
if uri.include?("#")
uri.sub!("#", "&post_redirect=1#")
diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb
index 5e39c3a2c..2c0037577 100644
--- a/app/controllers/comment_controller.rb
+++ b/app/controllers/comment_controller.rb
@@ -21,7 +21,7 @@ class CommentController < ApplicationController
end
if params[:comment]
- # XXX this check should theoretically be a validation rule in the model
+ # TODO: this check should theoretically be a validation rule in the model
@existing_comment = Comment.find_existing(@info_request.id, params[:comment][:body])
else
# Default to subscribing to request when first viewing form
diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb
index 6f0d29889..158492eb2 100644
--- a/app/controllers/general_controller.rb
+++ b/app/controllers/general_controller.rb
@@ -59,7 +59,7 @@ class GeneralController < ApplicationController
# Actual search
def search
- # XXX Why is this so complicated with arrays and stuff? Look at the route
+ # TODO: Why is this so complicated with arrays and stuff? Look at the route
# in config/routes.rb for comments.
combined = params[:combined].split("/")
@sortby = nil
@@ -70,7 +70,7 @@ class GeneralController < ApplicationController
else
@advanced = false
end
- # XXX currently /described isn't linked to anywhere, just used in RSS and for /list/successful
+ # TODO: currently /described isn't linked to anywhere, just used in RSS and for /list/successful
# This is because it's confusingly different from /newest - but still useful for power users.
if combined.size > 0 && (['newest', 'described', 'relevant'].include?(combined[-1]))
@sort_postfix = combined.pop
@@ -124,7 +124,7 @@ class GeneralController < ApplicationController
end
end
- # Query each type separately for separate display (XXX we are calling
+ # Query each type separately for separate display (TODO: we are calling
# perform_search multiple times and it clobbers per_page for each one,
# so set as separate var)
requests_per_page = params[:requests_per_page] ? params[:requests_per_page].to_i : 25
@@ -159,7 +159,7 @@ class GeneralController < ApplicationController
end
# Spelling and highight words are same for all three queries
- @highlight_words = @request_for_spelling.words_to_highlight
+ @highlight_words = @request_for_spelling.words_to_highlight(:regex => true, :include_original => true)
if !(@request_for_spelling.spelling_correction =~ /[a-z]+:/)
@spelling_correction = @request_for_spelling.spelling_correction
end
@@ -178,7 +178,9 @@ class GeneralController < ApplicationController
format.json { render :json => {
:alaveteli_git_commit => alaveteli_git_commit,
:alaveteli_version => ALAVETELI_VERSION,
- :ruby_version => RUBY_VERSION
+ :ruby_version => RUBY_VERSION,
+ :visible_request_count => InfoRequest.visible.count,
+ :confirmed_user_count => User.where(:email_confirmed => true).count
}}
end
end
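Review bot: The two added counts are evaluated inside the `format.json` render, so every JSON request to this action runs `InfoRequest.visible.count` and `User.where(:email_confirmed => true).count` against the database. The action already reports the git commit and the Alaveteli and Ruby versions, so it looks like a status endpoint. If it is reachable without authentication (the routing is not visible here), caching the counts for a short period would keep polling cheap, e.g. `Rails.cache.fetch('version_counts', :expires_in => 1.hour) { ... }`, where the key name and expiry are illustrative. It is also worth confirming that publishing the confirmed-user total next to the version details is intended. The enclosing action starts outside this hunk.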
diff --git a/app/controllers/public_body_controller.rb b/app/controllers/public_body_controller.rb
index 862f4b318..d2c84d820 100644
--- a/app/controllers/public_body_controller.rb
+++ b/app/controllers/public_body_controller.rb
@@ -5,12 +5,11 @@
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: hello@mysociety.org; WWW: http://www.mysociety.org/
-require 'fastercsv'
require 'confidence_intervals'
require 'tempfile'
class PublicBodyController < ApplicationController
- # XXX tidy this up with better error messages, and a more standard infrastructure for the redirect to canonical URL
+ # TODO: tidy this up with better error messages, and a more standard infrastructure for the redirect to canonical URL
def show
long_cache
if MySociety::Format.simplify_url_part(params[:url_name], 'body') != params[:url_name]
@@ -43,7 +42,7 @@ class PublicBodyController < ApplicationController
query = InfoRequestEvent.make_query_from_params(params.merge(:latest_status => @view))
query += " requested_from:#{@public_body.url_name}"
# Use search query for this so can collapse and paginate easily
- # XXX really should just use SQL query here rather than Xapian.
+ # TODO: really should just use SQL query here rather than Xapian.
sortby = "described"
begin
@xapian_requests = perform_search([InfoRequestEvent], query, sortby, 'request_collapse')
@@ -86,7 +85,7 @@ class PublicBodyController < ApplicationController
def list
long_cache
- # XXX move some of these tag SQL queries into has_tag_string.rb
+ # TODO: move some of these tag SQL queries into has_tag_string.rb
like_query = params[:public_body_query]
like_query = "" if like_query.nil?
@@ -109,17 +108,17 @@ class PublicBodyController < ApplicationController
# Restrict the public bodies shown according to the tag
# parameter supplied in the URL:
- if @tag.nil? or @tag == "all"
- @tag = "all"
+ if @tag.nil? || @tag == 'all'
+ @tag = 'all'
elsif @tag == 'other'
- category_list = PublicBodyCategories::get().tags().map{|c| "'"+c+"'"}.join(",")
+ category_list = PublicBodyCategories.get.tags.map{ |c| %Q('#{ c }') }.join(",")
where_condition += base_tag_condition + " AND has_tag_string_tags.name in (#{category_list})) = 0"
elsif @tag.scan(/./mu).size == 1
- @tag = Unicode.upcase @tag
+ @tag = Unicode.upcase(@tag)
# The first letter queries have to be done on
# translations, so just indicate to add that later:
first_letter = true
- elsif @tag.include?(":")
+ elsif @tag.include?(':')
name, value = HasTagString::HasTagStringTag.split_tag_into_name_value(@tag)
where_condition += base_tag_condition + " AND has_tag_string_tags.name = ? AND has_tag_string_tags.value = ?) > 0"
where_parameters.concat [name, value]
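Review bot: The rewritten `category_list` line in the `elsif @tag == 'other'` branch still splices each category tag into the SQL text between hand-written quotes, so a tag containing `'` would break or alter the `in (...)` clause. The tags appear to come from the configured category list rather than from the request, so this is probably a robustness issue more than an injection path, but the `@tag.include?(':')` branch in the same hunk already binds its values through `where_parameters`. The same can be done here with `where_condition += base_tag_condition + " AND has_tag_string_tags.name in (?)) = 0"` followed by `where_parameters.concat [PublicBodyCategories.get.tags]`. The enclosing `list` action starts and ends outside this hunk.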
@@ -128,16 +127,16 @@ class PublicBodyController < ApplicationController
where_parameters.concat [@tag]
end
- if @tag == "all"
- @description = ""
+ if @tag == 'all'
+ @description = ''
elsif @tag.size == 1
- @description = _("beginning with ‘{{first_letter}}’", :first_letter=>@tag)
+ @description = _("beginning with ‘{{first_letter}}’", :first_letter => @tag)
else
- category_name = PublicBodyCategories::get().by_tag()[@tag]
+ category_name = PublicBodyCategories.get.by_tag[@tag]
if category_name.nil?
- @description = _("matching the tag ‘{{tag_name}}’", :tag_name=>@tag)
+ @description = _("matching the tag ‘{{tag_name}}’", :tag_name => @tag)
else
- @description = _("in the category ‘{{category_name}}’", :category_name=>category_name)
+ @description = _("in the category ‘{{category_name}}’", :category_name => category_name)
end
end
@@ -151,15 +150,15 @@ class PublicBodyController < ApplicationController
FROM public_bodies
LEFT OUTER JOIN public_body_translations as current_locale
ON (public_bodies.id = current_locale.public_body_id
- AND current_locale.locale = ? AND #{get_public_body_list_translated_condition 'current_locale', first_letter})
+ AND current_locale.locale = ? AND #{ get_public_body_list_translated_condition('current_locale', first_letter) })
LEFT OUTER JOIN public_body_translations as default_locale
ON (public_bodies.id = default_locale.public_body_id
- AND default_locale.locale = ? AND #{get_public_body_list_translated_condition 'default_locale', first_letter})
- WHERE #{where_condition} AND COALESCE(current_locale.name, default_locale.name) IS NOT NULL
+ AND default_locale.locale = ? AND #{ get_public_body_list_translated_condition('default_locale', first_letter) })
+ WHERE #{ where_condition } AND COALESCE(current_locale.name, default_locale.name) IS NOT NULL
ORDER BY display_name}
- sql = [query, underscore_locale, like_query, like_query]
+ sql = [query, underscore_locale, like_query, like_query, like_query]
sql.push @tag if first_letter
- sql += [underscore_default_locale, like_query, like_query]
+ sql += [underscore_default_locale, like_query, like_query, like_query]
sql.push @tag if first_letter
sql += where_parameters
@public_bodies = PublicBody.paginate_by_sql(
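Review bot: The `sql` bind list has to carry exactly one `like_query` per `LIKE upper(?)` emitted by `get_public_body_list_translated_condition`, and nothing in the code ties the two together. Adding `short_name` meant editing three places in step: this list, `where_sql` in the next hunk, and the helper in the last hunk of this file. A miscount would be expected to surface only at runtime as a bind-count error on the list page. A comment on each list would help the next editor, e.g. `# one like_query per LIKE in get_public_body_list_translated_condition: name, notes, short_name`; longer term the helper could return its bind values together with the SQL fragment.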
@@ -170,17 +169,17 @@ class PublicBodyController < ApplicationController
# The simpler case where we're just searching in the current locale:
where_condition = get_public_body_list_translated_condition('public_body_translations', first_letter, true) +
' AND ' + where_condition
- where_sql = [where_condition, like_query, like_query]
+ where_sql = [where_condition, like_query, like_query, like_query]
where_sql.push @tag if first_letter
where_sql += [underscore_locale] + where_parameters
- @public_bodies = PublicBody.where(where_sql) \
- .joins(:translations) \
- .order("public_body_translations.name") \
- .paginate(:page => params[:page], :per_page => 100)
+ @public_bodies = PublicBody.where(where_sql).
+ joins(:translations).
+ order("public_body_translations.name").
+ paginate(:page => params[:page], :per_page => 100)
end
respond_to do |format|
- format.html { render :template => "public_body/list" }
+ format.html { render :template => 'public_body/list' }
end
end
end
@@ -191,6 +190,9 @@ class PublicBodyController < ApplicationController
redirect_to list_public_bodies_url(:tag => @tag)
end
+ # GET /body/all-authorities.csv
+ #
+ # Returns all public bodies (except for the internal admin authority) as CSV
def list_all_csv
# FIXME: this is just using the download directory for zip
# archives, since we know that is allowed for X-Sendfile and
@@ -198,21 +200,29 @@ class PublicBodyController < ApplicationController
# used for the zips. However, really there should be a
# generically named downloads directory that contains all
# kinds of downloadable assets.
- download_directory = File.join(InfoRequest.download_zip_dir(),
- 'download')
- FileUtils.mkdir_p download_directory
+ download_directory = File.join(InfoRequest.download_zip_dir, 'download')
+ FileUtils.mkdir_p(download_directory)
output_leafname = 'all-authorities.csv'
- output_filename = File.join download_directory, output_leafname
+ output_filename = File.join(download_directory, output_leafname)
# Create a temporary file in the same directory, so we can
# rename it atomically to the intended filename:
- tmp = Tempfile.new output_leafname, download_directory
+ tmp = Tempfile.new(output_leafname, download_directory)
tmp.close
- # Export all the public bodies to that temporary path and make
- # it readable:
- PublicBody.export_csv tmp.path
- FileUtils.chmod 0644, tmp.path
- # Rename into place and send the file:
- File.rename tmp.path, output_filename
+
+ # Create the CSV
+ csv = PublicBodyCSV.new
+ PublicBody.visible.find_each(:include => [:translations, :tags]) do |public_body|
+ next if public_body.site_administration?
+ csv << public_body
+ end
+
+ # Export all the public bodies to that temporary path, make it readable,
+ # and rename it
+ File.open(tmp.path, 'w') { |file| file.write(csv.generate) }
+ FileUtils.chmod(0644, tmp.path)
+ File.rename(tmp.path, output_filename)
+
+ # Send the file
send_file(output_filename,
:type => 'text/csv; charset=utf-8; header=present',
:filename => 'all-authorities.csv',
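Review bot: `list_all_csv` still rebuilds `all-authorities.csv` on every request, and the new version walks every visible public body with `find_each` and holds the whole document in memory via `csv.generate` before writing it. If this route is served without authentication (the routing is not visible here), each hit costs a full table walk plus a file rewrite. Reusing a recent export would bound that cost, e.g. by wrapping the generation and rename in `unless File.exist?(output_filename) && File.mtime(output_filename) > 1.hour.ago`, where the one-hour window is illustrative. The `send_file` call continues past the end of this hunk.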
@@ -344,9 +354,11 @@ class PublicBodyController < ApplicationController
end
private
+
def get_public_body_list_translated_condition(table, first_letter=false, locale=nil)
result = "(upper(#{table}.name) LIKE upper(?)" \
- " OR upper(#{table}.notes) LIKE upper (?))"
+ " OR upper(#{table}.notes) LIKE upper(?)" \
+ " OR upper(#{table}.short_name) LIKE upper(?))"
if first_letter
result += " AND #{table}.first_letter = ?"
end
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index d66c28275..6281959fb 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -303,8 +303,14 @@ class RequestController < ApplicationController
return render_new_compose(batch=false)
end
+ # Check we have :public_body_id - spammers seem to be using :public_body
+ # erroneously instead
+ if params[:info_request][:public_body_id].blank?
+ redirect_to frontpage_path and return
+ end
+
# See if the exact same request has already been submitted
- # XXX this check should theoretically be a validation rule in the
+ # TODO: this check should theoretically be a validation rule in the
# model, except we really want to pass @existing_request to the view so
# it can link to it.
@existing_request = InfoRequest.find_existing(params[:info_request][:title], params[:info_request][:public_body_id], params[:outgoing_message][:body])
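Review bot: The new guard indexes `params[:info_request]` without checking that it is present, so a submission that omits the `info_request` hash entirely would raise `NoMethodError` instead of taking the redirect, unless an earlier guard outside this hunk already rejects it. Checking both levels covers that case: `if params[:info_request].blank? || params[:info_request][:public_body_id].blank?`. The rejection is also silent, so a log line such as `logger.info("new request rejected: missing public_body_id")` before the redirect would give operators something to count when tracking the spam mentioned in the comment. The enclosing action starts and ends outside this hunk.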
@@ -359,7 +365,7 @@ class RequestController < ApplicationController
end
# This automatically saves dependent objects, such as @outgoing_message, in the same transaction
@info_request.save!
- # XXX send_message needs the database id, so we send after saving, which isn't ideal if the request broke here.
+ # TODO: send_message needs the database id, so we send after saving, which isn't ideal if the request broke here.
@outgoing_message.send_message
flash[:notice] = _("<p>Your {{law_used_full}} request has been <strong>sent on its way</strong>!</p>
<p><strong>We will email you</strong> when there is a response, or after {{late_number_of_days}} working days if the authority still hasn't
@@ -537,7 +543,7 @@ class RequestController < ApplicationController
elsif @info_request_event.is_outgoing_message?
redirect_to outgoing_message_url(@info_request_event.outgoing_message), :status => :moved_permanently
else
- # XXX maybe there are better URLs for some events than this
+ # TODO: maybe there are better URLs for some events than this
redirect_to request_url(@info_request_event.info_request), :status => :moved_permanently
end
end
@@ -1006,7 +1012,7 @@ class RequestController < ApplicationController
params[:info_request][:public_body] = PublicBody.find(params[:url_name])
else
public_body = PublicBody.find_by_url_name_with_historic(params[:url_name])
- raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # XXX proper 404
+ raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # TODO: proper 404
params[:info_request][:public_body] = public_body
end
elsif params[:public_body_id]
diff --git a/app/controllers/services_controller.rb b/app/controllers/services_controller.rb
index 97c47c448..dc4f783a6 100644
--- a/app/controllers/services_controller.rb
+++ b/app/controllers/services_controller.rb
@@ -31,7 +31,7 @@ class ServicesController < ApplicationController
FastGettext.locale = old_fgt_locale
end
end
- render :text => text, :content_type => "text/plain" # XXX workaround the HTML validation in test suite
+ render :text => text, :content_type => "text/plain" # TODO: workaround the HTML validation in test suite
end
def hidden_user_explanation
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index dccc52efc..83700a55b 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -82,7 +82,7 @@ class TrackController < ApplicationController
def track_search_query
@query = params[:query_array]
- # XXX more hackery to make alternate formats still work with query_array
+ # TODO: more hackery to make alternate formats still work with query_array
if /^(.*)\.json$/.match(@query)
@query = $1
params[:format] = "json"
@@ -154,7 +154,15 @@ class TrackController < ApplicationController
request.format = 'xml' unless params[:format]
respond_to do |format|
format.json { render :json => @xapian_object.results.map { |r| r[:model].json_for_api(true,
- lambda { |t| view_context.highlight_and_excerpt(t, @xapian_object.words_to_highlight, 150) }
+ lambda do |t|
+ view_context.highlight_and_excerpt(
+ t,
+ @xapian_object.words_to_highlight(
+ :regex => true,
+ :include_original => true),
+ 150
+ )
+ end
) } }
format.any { render :template => 'track/atom_feed',
:formats => ['atom'],
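Review bot: The lambda handed to `json_for_api` calls `@xapian_object.words_to_highlight(:regex => true, :include_original => true)` on each invocation, so the highlight list is presumably rebuilt for every result in the `map`. Computing it once before `respond_to`, as `highlight_words = @xapian_object.words_to_highlight(:regex => true, :include_original => true)`, and passing `highlight_words` to `highlight_and_excerpt` avoids the repeated work and lets the lambda return to one line. The same option pair is also passed in the `search` hunk of general_controller.rb, so a small shared helper would keep the two call sites in step.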
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 8d6522923..fcc500e06 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -46,7 +46,7 @@ class UserController < ApplicationController
@is_you = !@user.nil? && @user.id == @display_user.id
# Use search query for this so can collapse and paginate easily
- # XXX really should just use SQL query here rather than Xapian.
+ # TODO: really should just use SQL query here rather than Xapian.
if @show_requests
begin
requests_query = 'requested_by:' + @display_user.url_name
@@ -102,11 +102,11 @@ class UserController < ApplicationController
@is_you = !@user.nil? && @user.id == @display_user.id
feed_results = Set.new
# Use search query for this so can collapse and paginate easily
- # XXX really should just use SQL query here rather than Xapian.
+ # TODO: really should just use SQL query here rather than Xapian.
begin
requests_query = 'requested_by:' + @display_user.url_name
comments_query = 'commented_by:' + @display_user.url_name
- # XXX combine these as OR query
+ # TODO: combine these as OR query
@xapian_requests = perform_search([InfoRequestEvent], requests_query, 'newest', 'request_collapse')
@xapian_comments = perform_search([InfoRequestEvent], comments_query, 'newest', nil)
rescue
@@ -121,7 +121,7 @@ class UserController < ApplicationController
if @is_you
@track_things = TrackThing.find(:all, :conditions => ["tracking_user_id = ? and track_medium = ?", @display_user.id, 'email_daily'], :order => 'created_at desc')
for track_thing in @track_things
- # XXX factor out of track_mailer.rb
+ # TODO: factor out of track_mailer.rb
xapian_object = ActsAsXapian::Search.new([InfoRequestEvent], track_thing.track_query,
:sort_by_prefix => 'described_at',
:sort_by_ascending => true,
@@ -262,7 +262,7 @@ class UserController < ApplicationController
end
end
- # Change password (XXX and perhaps later email) - requires email authentication
+ # Change password (TODO: and perhaps later email) - requires email authentication
def signchangepassword
if @user and ((not session[:user_circumstance]) or (session[:user_circumstance] != "change_password"))
# Not logged in via email, so send confirmation
@@ -288,7 +288,7 @@ class UserController < ApplicationController
:reason_params => {
:web => "",
:email => _("Then you can change your password on {{site_name}}",:site_name=>site_name),
- :email_subject => _("Change your password {{site_name}}",:site_name=>site_name)
+ :email_subject => _("Change your password on {{site_name}}",:site_name=>site_name)
},
:circumstance => "change_password" # special login that lets you change your password
)