Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/admin_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/admin_public_body_controller.rb | 8 | ||||
-rw-r--r-- | app/controllers/admin_request_controller.rb | 41 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 15 | ||||
-rw-r--r-- | app/controllers/comment_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/help_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/request_controller.rb | 67 | ||||
-rw-r--r-- | app/controllers/services_controller.rb | 29 | ||||
-rw-r--r-- | app/controllers/track_controller.rb | 2 |
9 files changed, 107 insertions, 61 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index d8fda9c01..08528f8a8 100644 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -36,7 +36,7 @@ class AdminController < ApplicationController # also force a search reindexing (so changed text reflected in search) info_request.reindex_request_events - # and remove from varnsi + # and remove from varnish info_request.purge_in_cache end diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb index 7bd794d23..30a43bb81 100644 --- a/app/controllers/admin_public_body_controller.rb +++ b/app/controllers/admin_public_body_controller.rb @@ -142,13 +142,7 @@ class AdminPublicBodyController < AdminController @notes = "" @errors = "" if request.post? - if params['commit'] == 'Dry run' - dry_run_only = true - elsif params['commit'] == 'Upload' - dry_run_only = false - else - raise "internal error, unknown button label" - end + dry_run_only = (params['commit'] == 'Upload' ? false : true) # Read file from params if params[:csv_file] csv_contents = params[:csv_file].read diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index ae4bb511a..c5abf8769 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb 
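Review bot: In the admin_public_body_controller.rb hunk, any `commit` value other than 'Upload' now runs as a dry run, where the old code raised on an unknown label. Failing towards a dry run is the safe direction, but nothing in the code says it is deliberate, and the import now silently depends on the submit label being the literal string 'Upload'. I would add a comment such as `# anything other than an explicit 'Upload' is treated as a dry run` and simplify the assignment to `dry_run_only = params['commit'] != 'Upload'`. The enclosing action continues outside the hunk.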
@@ -28,8 +28,8 @@ class AdminRequestController < AdminController @info_request = InfoRequest.find(params[:id]) # XXX is this *really* the only way to render a template to a # variable, rather than to the response? - vars = OpenStruct.new(:name_to => @info_request.user_name, - :name_from => MySociety::Config.get("CONTACT_NAME", 'Alaveteli'), + vars = OpenStruct.new(:name_to => @info_request.user_name, + :name_from => MySociety::Config.get("CONTACT_NAME", 'Alaveteli'), :info_request => @info_request, :reason => params[:reason], :info_request_url => 'http://' + MySociety::Config.get('DOMAIN') + request_url(@info_request), :site_name => site_name) @@ -81,6 +81,8 @@ class AdminRequestController < AdminController :old_handle_rejected_responses => old_handle_rejected_responses, :handle_rejected_responses => @info_request.handle_rejected_responses, :old_tag_string => old_tag_string, :tag_string => @info_request.tag_string }) + # expire cached files + expire_for_request(@info_request) flash[:notice] = 'Request successfully updated.' redirect_to request_admin_url(@info_request) else @@ -95,7 +97,8 @@ class AdminRequestController < AdminController url_title = @info_request.url_title @info_request.fully_destroy - + # expire cached files + expire_for_request(@info_request) flash[:notice] = "Request #{url_title} has been completely destroyed. Email of user who made request: " + user.email redirect_to admin_url('request/list') end @@ -166,7 +169,8 @@ class AdminRequestController < AdminController @incoming_message.fully_destroy @incoming_message.info_request.log_event("destroy_incoming", { :editor => admin_http_auth_user(), :deleted_incoming_message_id => incoming_message_id }) - + # expire cached files + expire_for_request(@info_request) flash[:notice] = 'Incoming message successfully destroyed.' redirect_to request_admin_url(@info_request) end 
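Review bot: In the destroy hunk (-95,7), `expire_for_request(@info_request)` is called after `@info_request.fully_destroy`, whereas the redeliver_incoming hunk (-201,6) expires the cache before `incoming_message.fully_destroy`. `expire_for_request` is not visible in this diff; if it derives the cached paths from the request's associated messages or attachments, they are already gone and the cached copies of a destroyed request may stay on disk. Moving the call above `fully_destroy` would make the two actions consistent and remove the dependency on what survives the destroy. The same ordering appears in the destroy_incoming hunk (-166,7), where only the message is destroyed, so it is less likely to matter there.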
@@ -174,17 +178,18 @@ class AdminRequestController < AdminController def redeliver_incoming incoming_message = IncomingMessage.find(params[:redeliver_incoming_message_id]) message_ids = params[:url_title].split(",").each {|x| x.strip} + previous_request = incoming_message.info_request destination_request = nil ActiveRecord::Base.transaction do for m in message_ids if m.match(/^[0-9]+$/) destination_request = InfoRequest.find_by_id(m.to_i) else - destination_request = InfoRequest.find_by_url_title(m) + destination_request = InfoRequest.find_by_url_title!(m) end if destination_request.nil? flash[:error] = "Failed to find destination request '" + m + "'" - return redirect_to request_admin_url(incoming_message.info_request) + return redirect_to request_admin_url(previous_request) end raw_email_data = incoming_message.raw_email.data @@ -201,6 +206,8 @@ class AdminRequestController < AdminController flash[:notice] = "Message has been moved to request(s). Showing the last one:" end + # expire cached files + expire_for_request(previous_request) incoming_message.fully_destroy end redirect_to request_admin_url(destination_request) 
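Review bot: Switching to `InfoRequest.find_by_url_title!(m)` in redeliver_incoming makes the following `if destination_request.nil?` branch reachable only through the numeric `find_by_id` path. A mistyped URL title now raises RecordNotFound out of the transaction, so the admin gets the 404 page rather than the "Failed to find destination request" flash and the redirect back to `previous_request`. Keeping the non-raising `InfoRequest.find_by_url_title(m)` in this one action would preserve the existing error handling. Alternatively, rescue the exception and set the same flash. The method body runs on between the two hunks and is not fully visible here.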
@@ -344,23 +351,29 @@ class AdminRequestController < AdminController explanation = params[:explanation] info_request = InfoRequest.find(params[:id]) info_request.prominence = "requester_only" - + info_request.log_event("hide", { :editor => admin_http_auth_user(), :reason => params[:reason], :subject => subject, :explanation => explanation }) - + info_request.set_described_state(params[:reason]) info_request.save! - ContactMailer.deliver_from_admin_message( - info_request.user, - subject, - params[:explanation] - ) - flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name)) + if ! info_request.is_external? + ContactMailer.deliver_from_admin_message( + info_request.user, + subject, + params[:explanation] + ) + flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name)) + else + flash[:notice] = _("This external request has been hidden") + end + # expire cached files + expire_for_request(info_request) redirect_to request_admin_url(info_request) end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 11f21025c..ce18e6ef5 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -134,6 +134,10 @@ class ApplicationController < ActionController::Base # Make sure expiry time for session is set (before_filters are # otherwise missed by this override) session_remember_me + + # Make sure the locale is set correctly too + set_gettext_locale + case exception when ActiveRecord::RecordNotFound, ActionController::UnknownAction, ActionController::RoutingError @status = 404 
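Review bot: In the hide_request hunk (-344,23), `expire_for_request(info_request)` runs only after the `ContactMailer.deliver_from_admin_message` branch. If the delivery raises, the request has already been saved as `requester_only` but its cached files are never expired. Content an admin has just hidden could then remain available from the cache. I would move the expiry directly after `info_request.save!`, i.e. `info_request.save!` followed by `expire_for_request(info_request)`, and send the mail afterwards. As a style point, `if ! info_request.is_external? ... else ... end` reads more easily with the branches swapped: `if info_request.is_external?`.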
@@ -157,6 +161,9 @@ class ApplicationController < ActionController::Base # otherwise missed by this override) session_remember_me + # Make sure the locale is set correctly too + set_gettext_locale + # Display default, detailed error for developers original_rescue_action_locally(exception) end @@ -206,13 +213,16 @@ class ApplicationController < ActionController::Base foi_cache_path = File.expand_path(File.join(File.dirname(__FILE__), '../../cache')) return File.join(foi_cache_path, path) end + def foi_fragment_cache_exists?(key_path) return File.exists?(key_path) end + def foi_fragment_cache_read(key_path) logger.info "Reading from fragment cache #{key_path}" return File.read(key_path) end + def foi_fragment_cache_write(key_path, content) FileUtils.mkdir_p(File.dirname(key_path)) logger.info "Writing to fragment cache #{key_path}" @@ -382,8 +392,11 @@ class ApplicationController < ActionController::Base # might fail later if the database has subsequently been reopened. return result end + def get_search_page_from_params - return (params[:page] || "1").to_i + page = (params[:page] || "1").to_i + page = 1 if page < 1 + return page end def perform_search_typeahead(query, model) diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb index d9cd002dd..1552017c2 100644 --- a/app/controllers/comment_controller.rb +++ b/app/controllers/comment_controller.rb @@ -12,7 +12,7 @@ class CommentController < ApplicationController def new if params[:type] == 'request' - @info_request = InfoRequest.find_by_url_title(params[:url_title]) + @info_request = InfoRequest.find_by_url_title!(params[:url_title]) @track_thing = TrackThing.create_track_for_request(@info_request) if params[:comment] @comment = Comment.new(params[:comment].merge({ diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index e3b77271e..c7affd57c 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb 
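Review bot: The new lower bound in `get_search_page_from_params` (-382,8) is not applied everywhere a page number is parsed. The request_controller.rb hunk at -142,7 still reads `@page = (params[:page] || "1").to_i`, so a zero or negative page can still reach that action's pagination. Calling the helper there, `@page = get_search_page_from_params`, would keep the two in step. The helper also has no upper bound; whether one is needed depends on how the search backend handles very large offsets, which is not visible here. The clamp itself can be written as `[(params[:page] || "1").to_i, 1].max`.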
@@ -15,7 +15,7 @@ class HelpController < ApplicationController def unhappy @info_request = nil if params[:url_title] - @info_request = InfoRequest.find_by_url_title(params[:url_title]) + @info_request = InfoRequest.find_by_url_title!(params[:url_title]) end end diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 7f42eeb7e..6e983a014 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -64,10 +64,7 @@ class RequestController < ApplicationController end # Look up by new style text names - @info_request = InfoRequest.find_by_url_title(params[:url_title]) - if @info_request.nil? - raise ActiveRecord::RecordNotFound.new("Request not found") - end + @info_request = InfoRequest.find_by_url_title!(params[:url_title]) set_last_request(@info_request) # Test for whole request being hidden @@ -80,7 +77,13 @@ class RequestController < ApplicationController @info_request_events = @info_request.info_request_events @status = @info_request.calculate_status @collapse_quotes = params[:unfold] ? false : true - @update_status = params[:update_status] ? true : false + + # Don't allow status update on external requests, otherwise accept param + if @info_request.is_external? + @update_status = false + else + @update_status = params[:update_status] ? true : false + end @old_unclassified = @info_request.is_old_unclassified? && !authenticated_user.nil? @is_owning_user = @info_request.is_owning_user?(authenticated_user) 
@@ -125,14 +128,10 @@ class RequestController < ApplicationController # Extra info about a request, such as event history def details long_cache - @info_request = InfoRequest.find_by_url_title(params[:url_title]) - if @info_request.nil? - raise ActiveRecord::RecordNotFound.new("Request not found") - else - if !@info_request.user_can_view?(authenticated_user) - render :template => 'request/hidden', :status => 410 # gone - return - end + @info_request = InfoRequest.find_by_url_title!(params[:url_title]) + if !@info_request.user_can_view?(authenticated_user) + render :template => 'request/hidden', :status => 410 # gone + return end @columns = ['id', 'event_type', 'created_at', 'described_state', 'last_described_at', 'calculated_state' ] end @@ -142,7 +141,7 @@ class RequestController < ApplicationController short_cache @per_page = 25 @page = (params[:page] || "1").to_i - @info_request = InfoRequest.find_by_url_title(params[:url_title]) + @info_request = InfoRequest.find_by_url_title!(params[:url_title]) raise ActiveRecord::RecordNotFound.new("Request not found") if @info_request.nil? if !@info_request.user_can_view?(authenticated_user) @@ -313,7 +312,7 @@ class RequestController < ApplicationController # case the list of errors will also contain a more specific error # describing the reason it is invalid. @info_request.errors.delete("outgoing_messages") - + render :action => 'new' return end @@ -385,6 +384,13 @@ class RequestController < ApplicationController return end + # If this is an external request, go to the request page - we don't allow + # state change from the front end interface. + if @info_request.is_external? + redirect_to request_url(@info_request) + return + end + @is_owning_user = @info_request.is_owning_user?(authenticated_user) @last_info_request_event_id = @info_request.last_event_id_needing_description @old_unclassified = @info_request.is_old_unclassified? && !authenticated_user.nil? 
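Review bot: In the -142,7 hunk the lookup becomes `find_by_url_title!`, but the next line, `raise ActiveRecord::RecordNotFound.new("Request not found") if @info_request.nil?`, is left in place as context. The bang finder raises on a miss, so that line is now dead code. The other actions in this file (-64,10, -125,14 and -841,10) drop the equivalent check, so it should be removed here as well. The enclosing action starts and ends outside the hunk.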
@@ -431,7 +437,7 @@ class RequestController < ApplicationController }) # Don't give advice on what to do next, as it isn't their request - RequestMailer.deliver_old_unclassified_updated(@info_request) + RequestMailer.deliver_old_unclassified_updated(@info_request) if !@info_request.is_external? if session[:request_game] flash[:notice] = _('Thank you for updating the status of the request \'<a href="{{url}}">{{info_request_title}}</a>\'. There are some more requests below for you to classify.',:info_request_title=>CGI.escapeHTML(@info_request.title), :url=>CGI.escapeHTML(request_url(@info_request))) redirect_to play_url @@ -592,6 +598,13 @@ class RequestController < ApplicationController return end + # Test for external request + if @info_request.is_external? + @reason = 'external' + render :action => 'followup_bad' + return + end + # Force login early - this is really the "send followup" form. We want # to make sure they're the right user first, before they start writing a # message and wasting their time if they are not the requester. 
@@ -659,16 +672,21 @@ class RequestController < ApplicationController @info_request = incoming_message.info_request # used by view render :template => 'request/hidden', :status => 410 # gone end + # Is this a completely public request that we can cache attachments for + # to be served up without authentication? + if incoming_message.info_request.all_can_view? + @files_can_be_cached = true + end end def report_request - info_request = InfoRequest.find_by_url_title(params[:url_title]) + info_request = InfoRequest.find_by_url_title!(params[:url_title]) return if !authenticated?( :web => _("To report this FOI request"), :email => _("Then you can report the request '{{title}}'", :title => info_request.title), :email_subject => _("Report an offensive or unsuitable request") ) - + if !info_request.attention_requested info_request.set_described_state('attention_requested', @user) info_request.attention_requested = true # tells us if attention has ever been requested @@ -689,6 +707,7 @@ class RequestController < ApplicationController key = params.merge(:only_path => true) key_path = foi_fragment_cache_path(key) if foi_fragment_cache_exists?(key_path) + logger.info("Reading cache for #{key_path}") raise PermissionDenied.new("Directory listing not allowed") if File.directory?(key_path) cached = foi_fragment_cache_read(key_path) response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream' @@ -703,7 +722,10 @@ class RequestController < ApplicationController # various fragment cache functions using Ruby Marshall to write the file # which adds a header, so isnt compatible with images that have been # extracted elsewhere from PDFs) - foi_fragment_cache_write(key_path, response.body) + if @files_can_be_cached == true + logger.info("Writing cache for #{key_path}") + foi_fragment_cache_write(key_path, response.body) + end end end end 
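Review bot: `@files_can_be_cached` gates only the write in cache_attachments (-703,7); the read branch at -689,6 still serves any file that already exists at `key_path`, whatever the request's current visibility. Keeping non-public attachments out of the cache therefore depends on `expire_for_request` being called on every prominence change, and on purging files written before this commit at deploy time. Neither can be confirmed from this diff. Guarding the read as well, `if @files_can_be_cached && foi_fragment_cache_exists?(key_path)`, would make the check hold on its own. The two added `logger.info` calls duplicate the messages already logged inside `foi_fragment_cache_read` and `foi_fragment_cache_write`. `if @files_can_be_cached == true` can be just `if @files_can_be_cached`.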
@@ -784,7 +806,7 @@ class RequestController < ApplicationController def upload_response @locale = self.locale_from_params() PublicBody.with_locale(@locale) do - @info_request = InfoRequest.find_by_url_title(params[:url_title]) + @info_request = InfoRequest.find_by_url_title!(params[:url_title]) @reason_params = { :web => _("To upload a response, you must be logged in using an email address from ") + CGI.escapeHTML(@info_request.public_body.name), @@ -841,10 +863,7 @@ class RequestController < ApplicationController def download_entire_request @locale = self.locale_from_params() PublicBody.with_locale(@locale) do - info_request = InfoRequest.find_by_url_title(params[:url_title]) - if info_request.nil? - raise ActiveRecord::RecordNotFound.new("Request not found") - end + info_request = InfoRequest.find_by_url_title!(params[:url_title]) if authenticated?( :web => _("To download the zip file"), :email => _("Then you can download a zip file of {{info_request_title}}.",:info_request_title=>info_request.title), diff --git a/app/controllers/services_controller.rb b/app/controllers/services_controller.rb index 00c0e61bd..40e0faaf7 100644 --- a/app/controllers/services_controller.rb +++ b/app/controllers/services_controller.rb 
@@ -3,36 +3,43 @@ require 'open-uri' class ServicesController < ApplicationController + def other_country_message text = "" iso_country_code = MySociety::Config.get('ISO_COUNTRY_CODE').downcase if country_from_ip.downcase != iso_country_code found_country = WorldFOIWebsites.by_code(country_from_ip) found_country_name = !found_country.nil? && found_country[:country_name] - old_locale = FastGettext.locale - FastGettext.locale = FastGettext.best_locale_in(request.env['HTTP_ACCEPT_LANGUAGE']) - if found_country_name - text = _("Hello! You can make Freedom of Information requests within {{country_name}} at {{link_to_website}}", :country_name => found_country_name, :link_to_website => "<a href=\"#{found_country[:url]}\">#{found_country[:name]}</a>") - else - current_country = WorldFOIWebsites.by_code(iso_country_code)[:country_name] - text = _("Hello! We have an <a href=\"/help/alaveteli?country_name=#{CGI.escape(current_country)}\">important message</a> for visitors outside {{country_name}}", :country_name => current_country) + + old_fgt_locale = FastGettext.locale + begin + FastGettext.locale = FastGettext.best_locale_in(request.env['HTTP_ACCEPT_LANGUAGE']) + if found_country_name + text = _("Hello! You can make Freedom of Information requests within {{country_name}} at {{link_to_website}}", :country_name => found_country_name, :link_to_website => "<a href=\"#{found_country[:url]}\">#{found_country[:name]}</a>") + else + current_country = WorldFOIWebsites.by_code(iso_country_code)[:country_name] + text = _("Hello! We have an <a href=\"/help/alaveteli?country_name=#{CGI.escape(current_country)}\">important message</a> for visitors outside {{country_name}}", :country_name => current_country) + end + ensure + FastGettext.locale = old_fgt_locale end - FastGettext.locale = old_locale end if !text.empty? 
text += ' <span class="close-button">X</span>' end render :text => text, :content_type => "text/plain" # XXX workaround the HTML validation in test suite end + def hidden_user_explanation info_request = InfoRequest.find(params[:info_request_id]) - render :template => "admin_request/hidden_user_explanation", + render :template => "admin_request/hidden_user_explanation", :content_type => "text/plain", :layout => false, - :locals => {:name_to => info_request.user.name, - :name_from => MySociety::Config.get("CONTACT_NAME", 'Alaveteli'), + :locals => {:name_to => info_request.user_name, + :name_from => MySociety::Config.get("CONTACT_NAME", 'Alaveteli'), :info_request => info_request, :reason => params[:reason], :info_request_url => 'http://' + MySociety::Config.get('DOMAIN') + request_url(info_request), :site_name => site_name} end + end diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb index 07e807451..1a21491b1 100644 --- a/app/controllers/track_controller.rb +++ b/app/controllers/track_controller.rb @@ -15,7 +15,7 @@ class TrackController < ApplicationController # Track all updates to a particular request def track_request - @info_request = InfoRequest.find_by_url_title(params[:url_title]) + @info_request = InfoRequest.find_by_url_title!(params[:url_title]) @track_thing = TrackThing.create_track_for_request(@info_request) return atom_feed_internal if params[:feed] == 'feed' |
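Review bot: `hidden_user_explanation` in services_controller.rb loads any request with `InfoRequest.find(params[:info_request_id])` and renders the admin template with `info_request.user_name`. ServicesController inherits from ApplicationController rather than AdminController, and the class body shown in this hunk has no filter or `user_can_view?` check. Unless access is restricted in routing or in a filter outside this diff, the requester's name and the request details passed to the template can be fetched for any id, including requests that have been hidden. I would either move the action under the admin controllers or add the same visibility check the request actions use before rendering. Separately, in `other_country_message` the `#{CGI.escape(current_country)}` interpolation sits inside the `_()` msgid, so the gettext key varies per country and will probably never match a translation; passing it as a `{{...}}` substitution would fix that.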