Diffstat (limited to 'app')
-rw-r--r--app/controllers/admin_request_controller.rb11
-rw-r--r--app/controllers/request_controller.rb4
-rw-r--r--app/models/info_request.rb67
-rw-r--r--app/views/admin_request/edit.rhtml24
-rw-r--r--app/views/request/_followup.rhtml2
5 files changed, 87 insertions, 21 deletions
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb
index dfd44f32b..ca00da9ab 100644
--- a/app/controllers/admin_request_controller.rb
+++ b/app/controllers/admin_request_controller.rb
@@ -4,7 +4,7 @@
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
-# $Id: admin_request_controller.rb,v 1.34 2009-04-08 16:13:11 louise Exp $
+# $Id: admin_request_controller.rb,v 1.35 2009-06-15 14:42:11 francis Exp $
class AdminRequestController < AdminController
def index
@@ -45,7 +45,8 @@ class AdminRequestController < AdminController
old_prominence = @info_request.prominence
old_described_state = @info_request.described_state
old_awaiting_description = @info_request.awaiting_description
- old_stop_new_responses = @info_request.stop_new_responses
+ old_allow_new_responses_from = @info_request.allow_new_responses_from
+ old_handle_rejected_responses = @info_request.handle_rejected_responses
@info_request.title = params[:info_request][:title]
@info_request.prominence = params[:info_request][:prominence]
@@ -53,7 +54,8 @@ class AdminRequestController < AdminController
@info_request.set_described_state(params[:info_request][:described_state])
end
@info_request.awaiting_description = params[:info_request][:awaiting_description] == "true" ? true : false
- @info_request.stop_new_responses = params[:info_request][:stop_new_responses] == "true" ? true : false
+ @info_request.allow_new_responses_from = params[:info_request][:allow_new_responses_from]
+ @info_request.handle_rejected_responses = params[:info_request][:handle_rejected_responses]
if @info_request.valid?
@info_request.save!
@@ -63,7 +65,8 @@ class AdminRequestController < AdminController
:old_prominence => old_prominence, :prominence => @info_request.prominence,
:old_described_state => old_described_state, :described_state => @info_request.described_state,
:old_awaiting_description => old_awaiting_description, :awaiting_description => @info_request.awaiting_description,
- :old_stop_new_responses => old_stop_new_responses, :stop_new_responses => @info_request.stop_new_responses
+ :old_allow_new_responses_from => old_allow_new_responses_from, :allow_new_responses_from => @info_request.allow_new_responses_from,
+ :old_handle_rejected_responses => old_handle_rejected_responses, :handle_rejected_responses => @info_request.handle_rejected_responses
})
flash[:notice] = 'Request successfully updated.'
redirect_to request_admin_url(@info_request)
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 8316eebf3..97181ddf7 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -4,7 +4,7 @@
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
-# $Id: request_controller.rb,v 1.160 2009-06-12 13:53:45 francis Exp $
+# $Id: request_controller.rb,v 1.161 2009-06-15 14:42:11 francis Exp $
class RequestController < ApplicationController
@@ -451,7 +451,7 @@ class RequestController < ApplicationController
end
if !params[:submitted_followup].nil? && !params[:reedit]
- if @info_request.stop_new_responses
+ if @info_request.allow_new_responses_from == 'nobody'
flash[:error] = 'Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="/help/contact">contact us</a> if you really want to send a follow up message.'
else
# See if values were valid or not
diff --git a/app/models/info_request.rb b/app/models/info_request.rb
index c247f9286..3f6b29a3b 100644
--- a/app/models/info_request.rb
+++ b/app/models/info_request.rb
@@ -23,7 +23,7 @@
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
-# $Id: info_request.rb,v 1.189 2009-04-23 14:20:47 francis Exp $
+# $Id: info_request.rb,v 1.190 2009-06-15 14:42:11 francis Exp $
require 'digest/sha1'
require File.join(File.dirname(__FILE__),'../../vendor/plugins/acts_as_xapian/lib/acts_as_xapian')
@@ -73,6 +73,19 @@ class InfoRequest < ActiveRecord::Base
'foi', # Freedom of Information Act
'eir', # Environmental Information Regulations
]
+
+ # who can send new responses
+ validates_inclusion_of :allow_new_responses_from, :in => [
+ 'anybody', # anyone who knows the request email address
+ 'authority_only', # only people from authority domains
+ 'nobody'
+ ]
+ # what to do with rejected new responses
+ validates_inclusion_of :handle_rejected_responses, :in => [
+ 'bounce', # return them to sender
+ 'holding_pen', # put them in the holding pen
+ 'blackhole' # just dump them
+ ]
OLD_AGE_IN_DAYS = 14.days
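Review bot: The two value lists added here are repeated as string literals in the `if`/`elsif` chains in `receive` and again in the `select` calls in `app/views/admin_request/edit.rhtml`, so a value added in one place and not the others ends in the `raise "Unknown ..."` branch while incoming mail is being processed. Holding each list in a frozen constant on the model (the name is yours to pick, for example `ALLOW_NEW_RESPONSES_FROM_VALUES = ['anybody', 'authority_only', 'nobody'].freeze`) and passing it to both `validates_inclusion_of` and the view would keep the three in step. The per-value comments can move with the constant.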
@@ -265,10 +278,47 @@ public
# A new incoming email to this request
def receive(email, raw_email_data, override_stop_new_responses = false)
- # See if new responses are prevented for spam reasons
- if self.stop_new_responses && !override_stop_new_responses
- RequestMailer.deliver_stopped_responses(self, email)
- return
+ if !override_stop_new_responses
+ allow = nil
+
+ # See if new responses are prevented for spam reasons
+ if self.allow_new_responses_from == 'nobody'
+ allow = false
+ elsif self.allow_new_responses_from == 'anybody'
+ allow = true
+ elsif self.allow_new_responses_from == 'authority_only'
+ if email.from_addrs.nil? || email.from_addrs.size == 0
+ allow = false
+ else
+ sender_email = email.from_addrs[0].to_s
+ sender_domain = PublicBody.extract_domain_from_email(sender_email)
+ allow = false
+ # Allow any domain that has already sent reply
+ for row in self.who_can_followup_to
+ request_domain = PublicBody.extract_domain_from_email(row[1])
+ if request_domain == sender_domain
+ allow = true
+ end
+ end
+ end
+ else
+ raise "Unknown allow_new_responses_from '" + self.allow_new_responses_from + "'"
+ end
+
+ if !allow
+ if self.handle_rejected_responses == 'bounce'
+ RequestMailer.deliver_stopped_responses(self, email)
+ elsif self.handle_rejected_responses == 'holding_pen'
+ InfoRequest.holding_pen_request.receive(email, raw_email_data)
+ elsif self.handle_rejected_responses == 'blackhole'
+ # do nothing - just lose the message (Note: a copy will be
+ # in the backup mailbox if the server is configured to send
+ # new incoming messages there as well as this script)
+ else
+ raise "Unknown handle_rejected_responses '" + self.handle_rejected_responses + "'"
+ end
+ return
+ end
end
# Otherwise log the message
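Review bot: The `authority_only` branch decides on `email.from_addrs[0]`, a header the sender sets, so it filters casual spam but does not authenticate the authority; a comment such as `# From: is sender-controlled: spam heuristic, not authentication` above the domain comparison would keep later code from treating `allow` as a trust decision. The same unverified address is what `RequestMailer.deliver_stopped_responses(self, email)` replies to when `handle_rejected_responses` is `'bounce'`, so rejections of forged mail become backscatter to third parties, which is worth stating next to that branch. The holding-pen call re-enters `receive` without the override, so if the holding pen request's own settings ever reject mail the message is bounced, dropped or re-queued onto itself; `InfoRequest.holding_pen_request.receive(email, raw_email_data, true)` avoids that. `receive` continues past the end of this hunk.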
@@ -763,6 +813,13 @@ public
!user.nil? && (user.id == user_id || user.owns_every_request?)
end
+ # XXX to be called from a cron job later
+ def self.stop_new_responses_on_old_requests
+ # 6 months since last change to request, only allow new incoming messages from authority domains
+ InfoRequest.update_all "allow_new_responses_from = 'authority_only' where updated_at < (now() - interval '6 months') and allow_new_responses_from = 'anybody'"
+ # 1 year since last change requests, don't allow any new incoming messages
+ PostRedirect.update_all "allow_new_responses_from = 'nobody' where updated_at < (now() - interval '1 year') and allow_new_responses_from in ('anybody', 'authority_only')"
+ end
end
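Review bot: The second statement calls `PostRedirect.update_all`, but `allow_new_responses_from` is the column this commit validates on `InfoRequest`, so the one-year rule will presumably fail or touch the wrong table once the cron job is wired up. It should read `InfoRequest.update_all "allow_new_responses_from = 'nobody'", "updated_at < (now() - interval '1 year') and allow_new_responses_from in ('anybody', 'authority_only')"`. Passing the condition as the second argument, instead of embedding `where` in the update string, applies to the first statement as well. These bulk updates also bypass the old/new value logging that the admin controller does for manual edits, so a comment saying that the change is unlogged would help whoever later audits why a request stopped accepting mail.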
diff --git a/app/views/admin_request/edit.rhtml b/app/views/admin_request/edit.rhtml
index 7374042f1..8756ee0fb 100644
--- a/app/views/admin_request/edit.rhtml
+++ b/app/views/admin_request/edit.rhtml
@@ -4,17 +4,24 @@
<% form_tag '../update/' + @info_request.id.to_s do %>
- <p><label for="info_request_title">Title</label> (warning: editing this will break URLs right now)<br/>
+ <p><label for="info_request_title"><strong>Title</strong></label> (warning: editing this will break URLs right now)<br/>
<%= text_field 'info_request', 'title', :size => 50 %></p>
- <p><label for="info_request_prominence">Prominence</label> (whether is shown in lists of requests / search or not)<br/>
+ <p><label for="info_request_prominence"><strong>Prominence</strong></label>
<%= select( 'info_request', "prominence", { "normal" => "normal", "backpage" => "backpage"}) %>
+ (whether request is shown in lists / search or not)
+ </p>
- <p><label for="info_request_stop_new_responses">Stop new responses</label> (by email; use this on requests getting spam, but also work out how the email leaked and plug it)<br/>
- <%= select('info_request', "stop_new_responses", [["Yes - stop new responses",true],["No - allow new responses",false]]) %>
+ <p>
+ <label for="info_request_allow_new_responses_from"><strong>Allow new responses</strong> from</label>
+ <%= select( 'info_request', "allow_new_responses_from", [ "anybody", "authority_only", "nobody" ] ) %>;
+ <label for="info_request_handle_rejected_responses"><strong>Handle rejected responses</strong> with</label>
+ <%= select( 'info_request', "handle_rejected_responses", [ "bounce", "holding_pen", "blackhole" ] ) %>
+ <br>
+ ('authority_only' means email From: domain of authority request email or any domain that has previously sent a response; 'nobody' also stops requester making followups; take care when using 'blackhole' which just drops mail)
</p>
- <p><label for="info_request_described_state">Described state</label> (don't forget to change 'awaiting description' below too if necessary)<br/>
+ <p><label for="info_request_described_state"><strong>Described state</strong></label>
<%= select( 'info_request', "described_state",
[
'waiting_response',
@@ -28,11 +35,10 @@
'error_message',
'requires_admin',
'user_withdrawn'
- ]) %>
- </p>
-
- <p><label for="info_request_awaiting_description">Awaiting description</label><br/>
+ ]) %>;
+ <label for="info_request_awaiting_description"><strong>Awaiting description</strong></label>
<%= select('info_request', "awaiting_description", [["Yes - needs state updating",true],["No - state is up to date",false]]) %>
+ <br/>(don't forget to change 'awaiting description' when you set described state)<br/>
</p>
<p><%= submit_tag 'Save changes', :accesskey => 's' %>
diff --git a/app/views/request/_followup.rhtml b/app/views/request/_followup.rhtml
index a738e4e80..5c07b1b67 100644
--- a/app/views/request/_followup.rhtml
+++ b/app/views/request/_followup.rhtml
@@ -14,7 +14,7 @@
</h2>
<% end %>
- <% if @info_request.stop_new_responses %>
+ <% if @info_request.allow_new_responses_from == 'nobody' %>
<p>Follow ups and new responses to this request have been stopped to prevent spam. Please
<a href="/help/contact">contact us</a> if you are <%= user_link(@info_request.user) %>
and need to send a follow up.</p>