diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/admin_public_body_controller.rb | 110 | ||||
| -rw-r--r-- | app/controllers/admin_request_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/api_controller.rb | 57 | ||||
| -rw-r--r-- | app/controllers/application_controller.rb | 4 |
4 files changed, 134 insertions, 39 deletions
diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb index 285523e11..7bd794d23 100644 --- a/app/controllers/admin_public_body_controller.rb +++ b/app/controllers/admin_public_body_controller.rb @@ -139,48 +139,86 @@ class AdminPublicBodyController < AdminController end def import_csv - if params['commit'] == 'Dry run' - dry_run_only = true - elsif params['commit'] == 'Upload' - dry_run_only = false - else - raise "internal error, unknown button label" - end - if params[:csv_file] - csv_contents = params[:csv_file].read - else - csv_contents = session.delete(:previous_csv) - end - if !csv_contents.nil? - # Try with dry run first - en = PublicBody.import_csv(csv_contents, params[:tag], params[:tag_behaviour], true, admin_http_auth_user(), I18n.available_locales) - errors = en[0] - notes = en[1] - - if errors.size == 0 - if dry_run_only - notes.push("Dry run was successful, real run would do as above.") - session[:previous_csv] = csv_contents - else - # And if OK, with real run - en = PublicBody.import_csv(csv_contents, params[:tag], params[:tag_behaviour], false, admin_http_auth_user(), I18n.available_locales) - errors = en[0] - notes = en[1] - if errors.size != 0 - raise "dry run mismatched real run" + @notes = "" + @errors = "" + if request.post? + if params['commit'] == 'Dry run' + dry_run_only = true + elsif params['commit'] == 'Upload' + dry_run_only = false + else + raise "internal error, unknown button label" + end + # Read file from params + if params[:csv_file] + csv_contents = params[:csv_file].read + @original_csv_file = params[:csv_file].original_filename + # or from previous dry-run temporary file + elsif params[:temporary_csv_file] && params[:original_csv_file] + csv_contents = retrieve_csv_data(params[:temporary_csv_file]) + @original_csv_file = params[:original_csv_file] + end + + if !csv_contents.nil? + # Try with dry run first + errors, notes = PublicBody.import_csv(csv_contents, + params[:tag], + params[:tag_behaviour], + true, + admin_http_auth_user(), + I18n.available_locales) + + if errors.size == 0 + if dry_run_only + notes.push("Dry run was successful, real run would do as above.") + # Store the csv file for ease of performing the real run + @temporary_csv_file = store_csv_data(csv_contents) + else + # And if OK, with real run + errors, notes = PublicBody.import_csv(csv_contents, + params[:tag], + params[:tag_behaviour], + false, + admin_http_auth_user(), + I18n.available_locales) + if errors.size != 0 + raise "dry run mismatched real run" + end + notes.push("Import was successful.") end - notes.push("Import was successful.") end + @errors = errors.join("\n") + @notes = notes.join("\n") end - @errors = errors.join("\n") - @notes = notes.join("\n") - else - @errors = "" - @notes = "" end - end private + # Save the contents to a temporary file - not using Tempfile as we need + # the file to persist between requests. Return the name of the file. + def store_csv_data(csv_contents) + tempfile_name = "csv_upload-#{Time.now.strftime("%Y%m%d")}-#{SecureRandom.random_number(10000)}" + tempfile = File.new(File.join(Dir::tmpdir, tempfile_name), 'w') + tempfile.write(csv_contents) + tempfile.close + return tempfile_name + end + + # Get csv contents from the file whose name is passed, as long as the + # name is of the expected form. + # Delete the file, return the contents. + def retrieve_csv_data(tempfile_name) + if not /csv_upload-\d{8}-\d{1,5}/.match(tempfile_name) + raise "Invalid filename in upload_csv: #{tempfile_name}" + end + tempfile_path = File.join(Dir::tmpdir, tempfile_name) + if ! File.exist?(tempfile_path) + raise "Missing file in upload_csv: #{tempfile_name}" + end + csv_contents = File.read(tempfile_path) + File.delete(tempfile_path) + return csv_contents + end + end diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index fd1405319..ae4bb511a 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb @@ -28,7 +28,7 @@ class AdminRequestController < AdminController @info_request = InfoRequest.find(params[:id]) # XXX is this *really* the only way to render a template to a # variable, rather than to the response? - vars = OpenStruct.new(:name_to => @info_request.user.name, + vars = OpenStruct.new(:name_to => @info_request.user_name, :name_from => MySociety::Config.get("CONTACT_NAME", 'Alaveteli'), :info_request => @info_request, :reason => params[:reason], :info_request_url => 'http://' + MySociety::Config.get('DOMAIN') + request_url(@info_request), diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index 524aa44b7..718c31e6f 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -151,8 +151,61 @@ class ApiController < ApplicationController mail = RequestMailer.create_external_response(request, body, sent_at, attachment_hashes) request.receive(mail, mail.encoded, true) end - - head :no_content + render :json => { + 'url' => make_url("request", request.url_title), + } + end + + def body_request_events + feed_type = params[:feed_type] + raise PermissionDenied.new("#{@public_body.id} != #{params[:id]}") if @public_body.id != params[:id].to_i + + @events = InfoRequestEvent.find_by_sql([ + %(select info_request_events.* + from info_requests + join info_request_events on info_requests.id = info_request_events.info_request_id + where info_requests.public_body_id = ? + and info_request_events.event_type in ( + 'sent', 'followup_sent', 'resent', 'followup_resent' + ) + order by info_request_events.created_at desc + ), @public_body.id + ]) + if feed_type == "atom" + render :template => "api/request_events.atom", :layout => false + elsif feed_type == "json" + # For the JSON feed, we take a "since" parameter that allows the client + # to restrict to events more recent than a certain other event + if params[:since_event_id] + @since_event_id = params[:since_event_id].to_i + end + @event_data = [] + @events.each do |event| + break if event.id == @since_event_id + + request = event.info_request + this_event = { + :request_id => request.id, + :event_id => event.id, + :created_at => event.created_at.iso8601, + :event_type => event.event_type, + :request_url => main_url(request_url(request)), + :request_email => request.incoming_email, + :title => request.title, + :body => event.outgoing_message.body, + + :user_name => request.user_name, + } + if request.user + this_event[:user_url] = main_url(user_url(request.user)) + end + + @event_data.push(this_event) + end + render :json => @event_data + else + raise ActiveRecord::RecordNotFound.new("Unrecognised feed type: #{feed_type}") + end end protected diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 41adf1848..11f21025c 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -27,6 +27,7 @@ class ApplicationController < ActionController::Base before_filter :check_in_post_redirect before_filter :session_remember_me before_filter :set_vary_header + before_filter :set_popup_banner # scrub sensitive parameters from the logs filter_parameter_logging :password @@ -553,6 +554,9 @@ class ApplicationController < ActionController::Base return country end + def set_popup_banner + @popup_banner = render_to_string(:partial => "general/popup_banner").strip + end # URL generating functions are needed by all controllers (for redirects), # views (for links) and mailers (for use in emails), so include them into # all of all. |