Diffstat (limited to 'app')
-rw-r--r--app/controllers/api_controller.rb169
-rw-r--r--app/controllers/request_controller.rb8
-rwxr-xr-xapp/helpers/link_to_helper.rb7
-rw-r--r--app/models/incoming_message.rb2
-rw-r--r--app/models/info_request.rb43
-rw-r--r--app/models/info_request_event.rb2
-rw-r--r--app/models/public_body.rb11
-rw-r--r--app/models/raw_email.rb15
-rw-r--r--app/models/request_mailer.rb22
-rw-r--r--app/views/admin_public_body/show.rhtml2
-rw-r--r--app/views/admin_request/_some_requests.rhtml10
-rw-r--r--app/views/request/_request_listing_short_via_event.rhtml2
-rw-r--r--app/views/request/_request_listing_via_event.rhtml6
-rw-r--r--app/views/request/_sidebar.rhtml2
-rw-r--r--app/views/request_mailer/external_response.rhtml1
-rw-r--r--app/views/request_mailer/new_response_reminder_alert.rhtml2
16 files changed, 278 insertions, 26 deletions
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
new file mode 100644
index 000000000..524aa44b7
--- /dev/null
+++ b/app/controllers/api_controller.rb
@@ -0,0 +1,169 @@
+class ApiController < ApplicationController
+ before_filter :check_api_key
+
+ def show_request
+ @request = InfoRequest.find(params[:id])
+ raise PermissionDenied if @request.public_body_id != @public_body.id
+
+ @request_data = {
+ :id => @request.id,
+ :url => make_url("request", @request.url_title),
+ :title => @request.title,
+
+ :created_at => @request.created_at,
+ :updated_at => @request.updated_at,
+
+ :status => @request.calculate_status,
+
+ :public_body_url => make_url("body", @request.public_body.url_name),
+ :requestor_url => make_url("user", @request.user.url_name),
+ :request_email => @request.incoming_email,
+
+ :request_text => @request.last_event_forming_initial_request.outgoing_message.body,
+ }
+
+ render :json => @request_data
+ end
+
+ def create_request
+ json = ActiveSupport::JSON.decode(params[:request_json])
+ request = InfoRequest.new(
+ :title => json["title"],
+ :public_body_id => @public_body.id,
+ :described_state => "waiting_response",
+ :external_user_name => json["external_user_name"],
+ :external_url => json["external_url"]
+ )
+
+ outgoing_message = OutgoingMessage.new(
+ :status => 'ready',
+ :message_type => 'initial_request',
+ :body => json["body"],
+ :last_sent_at => Time.now(),
+ :what_doing => 'normal_sort',
+ :info_request => request
+ )
+ request.outgoing_messages << outgoing_message
+
+ # Return an error if the request is invalid
+ # (Can this ever happen?)
+ if !request.valid?
+ render :json => {
+ 'errors' => request.errors.full_messages
+ }
+ return
+ end
+
+ # Save the request, and add the corresponding InfoRequestEvent
+ request.save!
+ request.log_event("sent",
+ :api => true,
+ :email => nil,
+ :outgoing_message_id => outgoing_message.id,
+ :smtp_message_id => nil
+ )
+
+ # Return the URL and ID number.
+ render :json => {
+ 'url' => make_url("request", request.url_title),
+ 'id' => request.id
+ }
+
+ end
+
+ def add_correspondence
+ request = InfoRequest.find(params[:id])
+ json = ActiveSupport::JSON.decode(params[:correspondence_json])
+ attachments = params[:attachments]
+
+ direction = json["direction"]
+ body = json["body"]
+ sent_at_str = json["sent_at"]
+
+ errors = []
+
+ if !request.is_external?
+ raise ActiveRecord::RecordNotFound.new("Request #{params[:id]} cannot be updated using the API")
+ end
+
+ if request.public_body_id != @public_body.id
+ raise ActiveRecord::RecordNotFound.new("You do not own request #{params[:id]}")
+ end
+
+ if !["request", "response"].include?(direction)
+ errors << "The direction parameter must be 'request' or 'response'"
+ end
+
+ if body.nil?
+ errors << "The 'body' is missing"
+ elsif body.empty?
+ errors << "The 'body' is empty"
+ end
+
+ begin
+ sent_at = Time.iso8601(sent_at_str)
+ rescue ArgumentError
+ errors << "Failed to parse 'sent_at' field as ISO8601 time: #{sent_at_str}"
+ end
+
+ if direction == "request" && !attachments.nil?
+ errors << "You cannot attach files to messages in the 'request' direction"
+ end
+
+ if !errors.empty?
+ render :json => { "errors" => errors }, :status => 500
+ return
+ end
+
+ if direction == "request"
+ # In the 'request' direction, i.e. what we (Alaveteli) regard as outgoing
+
+ outgoing_message = OutgoingMessage.new(
+ :info_request => request,
+ :status => 'ready',
+ :message_type => 'followup',
+ :body => body,
+ :last_sent_at => sent_at,
+ :what_doing => 'normal_sort'
+ )
+ request.outgoing_messages << outgoing_message
+ request.save!
+ request.log_event("followup_sent",
+ :api => true,
+ :email => nil,
+ :outgoing_message_id => outgoing_message.id,
+ :smtp_message_id => nil
+ )
+ else
+ # In the 'response' direction, i.e. what we (Alaveteli) regard as incoming
+ attachment_hashes = []
+ (attachments || []).each_with_index do |attachment, i|
+ filename = File.basename(attachment.original_filename)
+ attachment_body = attachment.read
+ content_type = AlaveteliFileTypes.filename_and_content_to_mimetype(filename, attachment_body) || 'application/octet-stream'
+ attachment_hashes.push(
+ :content_type => content_type,
+ :body => attachment_body,
+ :filename => filename
+ )
+ end
+
+ mail = RequestMailer.create_external_response(request, body, sent_at, attachment_hashes)
+ request.receive(mail, mail.encoded, true)
+ end
+
+ head :no_content
+ end
+
+ protected
+ def check_api_key
+ raise "Missing required parameter 'k'" if params[:k].nil?
+ @public_body = PublicBody.find_by_api_key(params[:k].gsub(' ', '+'))
+ raise PermissionDenied if @public_body.nil?
+ end
+
+ private
+ def make_url(*args)
+ "http://" + MySociety::Config.get("DOMAIN", '127.0.0.1:3000') + "/" + args.join("/")
+ end
+end
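Review bot: `create_request` (lines 58–102) never checks that `json["external_url"]` is present, yet `is_external?` as added to info_request.rb in this same diff is `!external_url.nil?`, so a client that omits the field creates a request with neither `user_id` nor `external_url`, which `must_be_internal_or_external` does not reject and which `show_request` then crashes on at line 49 (`@request.user.url_name` with `user` nil). Add a guard before `InfoRequest.new`, e.g. `if json["external_url"].blank? then render(:json => {'errors' => ["The 'external_url' is missing"]}, :status => 400) and return end`, and make the `requestor_url` branch-safe: `:requestor_url => @request.is_external? ? @request.external_url : make_url("user", @request.user.url_name)`. The API key is taken from the `k` query parameter (line 190–191), which means it will appear in web-server access logs, proxies and browser history; accepting it from a request header (or at least only from POST bodies) would be the safer default. Client-side validation failures in `add_correspondence` are returned with `:status => 500` at line 144; these are caller errors and should be 400 (or 422), and the `raise "Missing required parameter 'k'"` at line 190 similarly surfaces as a generic 500 rather than a 400/403. Finally, `show_request` answers a foreign request id with `PermissionDenied` while `add_correspondence` answers the same condition with `RecordNotFound` (line 120); pick one so the API does not leak request existence in one place and hide it in the other.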
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 2f5b4d643..7f42eeb7e 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -59,7 +59,7 @@ class RequestController < ApplicationController
# Look up by old style numeric identifiers
if params[:url_title].match(/^[0-9]+$/)
@info_request = InfoRequest.find(params[:url_title].to_i)
- redirect_to request_url(@info_request)
+ redirect_to request_url(@info_request, :format => params[:format])
return
end
@@ -309,9 +309,11 @@ class RequestController < ApplicationController
# See if values were valid or not
if !@existing_request.nil? || !@info_request.valid?
- # We don't want the error "Outgoing messages is invalid", as the outgoing message
- # will be valid for a specific reason which we are displaying anyway.
+ # We don't want the error "Outgoing messages is invalid", as in this
+ # case the list of errors will also contain a more specific error
+ # describing the reason it is invalid.
@info_request.errors.delete("outgoing_messages")
+
render :action => 'new'
return
end
diff --git a/app/helpers/link_to_helper.rb b/app/helpers/link_to_helper.rb
index f621721b6..1a86333b6 100755
--- a/app/helpers/link_to_helper.rb
+++ b/app/helpers/link_to_helper.rb
@@ -96,6 +96,13 @@ module LinkToHelper
def user_link_absolute(user)
link_to h(user.name), main_url(user_url(user))
end
+ def request_user_link_absolute(request)
+ if request.is_external?
+ request.external_user_name || _("Anonymous user")
+ else
+ user_link_absolute(request.user)
+ end
+ end
def user_or_you_link(user)
if @user && user == @user
link_to h("you"), user_url(user)
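Review bot: `request_user_link_absolute` returns `request.external_user_name` unescaped, whereas its sibling `user_link_absolute` passes the name through `h()`; the external name is supplied verbatim by API clients (`create_request` copies `json["external_user_name"]` straight into the model) and this diff renders the helper's result with `<%= %>` in `_request_listing_short_via_event.rhtml` and `_request_listing_via_event.rhtml`. Unless the view layer auto-escapes output (the explicit `h()` calls elsewhere in these partials, including the admin partial in this same diff, suggest it does not), an attacker-chosen name is emitted as raw HTML on public listing pages. Note that `h(nil)` yields an empty string, which is truthy, so the `||` fallback would silently break if escaping were bolted on; write the branch as `request.external_user_name.nil? ? _("Anonymous user") : h(request.external_user_name)`.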
diff --git a/app/models/incoming_message.rb b/app/models/incoming_message.rb
index 3419956d6..593590fb8 100644
--- a/app/models/incoming_message.rb
+++ b/app/models/incoming_message.rb
@@ -344,7 +344,7 @@ class IncomingMessage < ActiveRecord::Base
# Lotus notes quoting yeuch!
def remove_lotus_quoting(text, replacement = "FOLDED_QUOTED_SECTION")
text = text.dup
- name = Regexp.escape(self.info_request.user.name)
+ name = Regexp.escape(self.info_request.user_name)
# To end of message sections
# http://www.whatdotheyknow.com/request/university_investment_in_the_arm
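Review bot: `self.info_request.user_name` can be nil here, because the `user_name` method introduced in this diff returns `external_user_name` unchanged and the API's `create_request` allows that field to be absent; `Regexp.escape(nil)` at line 252 then raises TypeError while a response is being processed. Guard the value before building the pattern, e.g. `name = self.info_request.user_name` followed by `return text if name.nil? || name.empty?`, since an empty escaped name would otherwise turn the quoting regex into a match-anything. The remainder of `remove_lotus_quoting` lies outside this hunk.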
diff --git a/app/models/info_request.rb b/app/models/info_request.rb
index 3a571daae..d09acbcf6 100644
--- a/app/models/info_request.rb
+++ b/app/models/info_request.rb
@@ -33,7 +33,7 @@ class InfoRequest < ActiveRecord::Base
validates_format_of :title, :with => /[a-zA-Z]/, :message => N_("Please write a summary with some text in it"), :if => Proc.new { |info_request| !info_request.title.nil? && !info_request.title.empty? }
belongs_to :user
- #validates_presence_of :user_id # breaks during construction of new ones :(
+ validate :must_be_internal_or_external
belongs_to :public_body
validates_presence_of :public_body_id
@@ -104,6 +104,43 @@ class InfoRequest < ActiveRecord::Base
errors.add(:described_state, "is not a valid state") if
!InfoRequest.enumerate_states.include? described_state
end
+
+ # The request must either be internal, in which case it has
+ # a foreign key reference to a User object and no external_url or external_user_name,
+ # or else be external in which case it has no user_id but does have an external_url,
+ # and may optionally also have an external_user_name.
+ #
+ # External requests are requests that have been added using the API, whereas internal
+ # requests are requests made using the site.
+ def must_be_internal_or_external
+ # We must permit user_id and external_user_name both to be nil, because the system
+ # allows a request to be created by a non-logged-in user.
+ if !user_id.nil?
+ errors.add(:external_user_name, "must be null for an internal request") if !external_user_name.nil?
+ errors.add(:external_url, "must be null for an internal request") if !external_url.nil?
+ end
+ end
+
+ def is_external?
+ !external_url.nil?
+ end
+
+ def user_name
+ is_external? ? external_user_name : user.name
+ end
+
+ def user_name_slug
+ if is_external?
+ if external_user_name.nil?
+ fake_slug = "anonymous"
+ else
+ fake_slug = external_user_name.parameterize
+ end
+ public_body.url_name + "_"+fake_slug
+ else
+ user.url_name
+ end
+ end
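Review bot: `must_be_internal_or_external` only constrains the internal side, so a row with `user_id` nil, `external_url` nil and `external_user_name` set passes validation even though the method's own comment says an external request "does have an external_url"; adding `errors.add(:external_user_name, "must be null for a request without an external_url") if user_id.nil? && external_url.nil? && !external_user_name.nil?` keeps the stated invariant. `user_name` returns nil for an external request with no `external_user_name`, and this same diff feeds its result into `TMail::Address.address_from_name_and_email` and `Regexp.escape`, both of which need a string; either document that with `# May return nil for an external request that has no external_user_name.` above the method or return `""` in that case so callers need no special handling. `user_name_slug` can also produce a bare `"<body>_"` slug when `external_user_name.parameterize` strips a name down to nothing (non-Latin names, for instance), which is worth falling back to `"anonymous"` on as well.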
@@custom_states_loaded = false
begin
@@ -232,7 +269,7 @@ public
return self.magic_email("request-")
end
def incoming_name_and_email
- return TMail::Address.address_from_name_and_email(self.user.name, self.incoming_email).to_s
+ return TMail::Address.address_from_name_and_email(self.user_name, self.incoming_email).to_s
end
# Subject lines for emails about the request
@@ -453,7 +490,7 @@ public
self.save!
end
self.info_request_events.each { |event| event.xapian_mark_needs_index } # for the "waiting_classification" index
- RequestMailer.deliver_new_response(self, incoming_message)
+ RequestMailer.deliver_new_response(self, incoming_message) if !is_external?
end
diff --git a/app/models/info_request_event.rb b/app/models/info_request_event.rb
index 9a4f6d9fe..a827d19a4 100644
--- a/app/models/info_request_event.rb
+++ b/app/models/info_request_event.rb
@@ -118,7 +118,7 @@ class InfoRequestEvent < ActiveRecord::Base
:eager_load => [ :outgoing_message, :comment, { :info_request => [ :user, :public_body, :censor_rules ] } ]
def requested_by
- self.info_request.user.url_name
+ self.info_request.user_name_slug
end
def requested_from
# acts_as_xapian will detect translated fields via Globalize and add all the
diff --git a/app/models/public_body.rb b/app/models/public_body.rb
index 267b5d60c..a372de435 100644
--- a/app/models/public_body.rb
+++ b/app/models/public_body.rb
@@ -17,6 +17,7 @@
# notes :text default(""), not null
# first_letter :string(255) not null
# publication_scheme :text default(""), not null
+# api_key :string(255) not null
#
# models/public_body.rb:
@@ -28,6 +29,7 @@
# $Id: public_body.rb,v 1.160 2009-10-02 22:56:35 francis Exp $
require 'csv'
+require 'securerandom'
require 'set'
class PublicBody < ActiveRecord::Base
@@ -87,10 +89,13 @@ class PublicBody < ActiveRecord::Base
end
end
- # Make sure publication_scheme gets the correct default value.
- # (This would work automatically, were publication_scheme not a translated attribute)
def after_initialize
+ # Make sure publication_scheme gets the correct default value.
+ # (This would work automatically, were publication_scheme not a translated attribute)
self.publication_scheme = "" if self.publication_scheme.nil?
+
+ # Set an API key if there isn’t one
+ self.api_key = SecureRandom.base64(32) if self.api_key.nil?
end
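Review bot: `SecureRandom.base64(32)` at line 364 produces keys containing `+`, `/` and `=`, which is exactly why `check_api_key` in the new api_controller.rb has to undo `+` being decoded as a space when the key travels as the `k` query parameter, and `/` and `=` are only safe if every client percent-encodes them. Generating the key as `self.api_key = SecureRandom.hex(32) if self.api_key.nil?` gives the same 32 bytes of entropy in a URL- and log-safe alphabet and lets the controller drop the `gsub(' ', '+')` workaround; existing base64 keys, if any have been issued, would still match by exact lookup. Because `after_initialize` runs on every instantiation, a fresh key is also minted on any instance whose `api_key` attribute is nil — presumably only unsaved records, but confirm that partial `:select` loads cannot reach this path and silently rotate a key.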
# like find_by_url_name but also search historic url_name if none found
@@ -178,7 +183,7 @@ class PublicBody < ActiveRecord::Base
end
acts_as_versioned
- self.non_versioned_columns << 'created_at' << 'updated_at' << 'first_letter'
+ self.non_versioned_columns << 'created_at' << 'updated_at' << 'first_letter' << 'api_key'
class Version
attr_accessor :created_at
diff --git a/app/models/raw_email.rb b/app/models/raw_email.rb
index 1466e5d9c..3bb794684 100644
--- a/app/models/raw_email.rb
+++ b/app/models/raw_email.rb
@@ -19,13 +19,12 @@ class RawEmail < ActiveRecord::Base
has_one :incoming_message
- # We keep the old data_text field (which is of type text) for backwards
- # compatibility. We use the new data_binary field because only it works
- # properly in recent versions of PostgreSQL (get seg faults escaping
- # some binary strings).
-
def directory
request_id = self.incoming_message.info_request.id.to_s
+ if request_id.empty?
+ raise "Failed to find the id number of the associated request: has it been saved?"
+ end
+
if ENV["RAILS_ENV"] == "test"
return File.join(Rails.root, 'files/raw_email_test')
else
@@ -36,7 +35,11 @@ class RawEmail < ActiveRecord::Base
end
def filepath
- File.join(self.directory, self.incoming_message.id.to_s)
+ incoming_message_id = self.incoming_message.id.to_s
+ if incoming_message_id.empty?
+ raise "Failed to find the id number of the associated incoming message: has it been saved?"
+ end
+ File.join(self.directory, incoming_message_id)
end
def data=(d)
diff --git a/app/models/request_mailer.rb b/app/models/request_mailer.rb
index 1b0bb48b9..03d26f237 100644
--- a/app/models/request_mailer.rb
+++ b/app/models/request_mailer.rb
@@ -28,6 +28,21 @@ class RequestMailer < ApplicationMailer
:filename => attachment_name
end
end
+
+ # Used when a response is uploaded using the API
+ def external_response(info_request, body, sent_at, attachments)
+ @from = blackhole_email
+ @recipients = info_request.incoming_name_and_email
+ @body = { :body => body }
+
+ # ActionMailer only works properly when the time is in the local timezone:
+ # see https://rails.lighthouseapp.com/projects/8994/tickets/3113-actionmailer-only-works-correctly-with-sent_on-times-that-are-in-the-local-time-zone
+ @sent_on = sent_at.dup.localtime
+
+ attachments.each do |attachment_hash|
+ attachment attachment_hash
+ end
+ end
# Incoming message arrived for a request, but new responses have been stopped.
def stopped_responses(info_request, email, raw_email_data)
@@ -241,7 +256,12 @@ class RequestMailer < ApplicationMailer
# Send email alerts for overdue requests
def self.alert_overdue_requests()
- info_requests = InfoRequest.find(:all, :conditions => [ "described_state = 'waiting_response' and awaiting_description = ?", false ], :include => [ :user ] )
+ info_requests = InfoRequest.find(:all,
+ :conditions => [
+ "described_state = 'waiting_response' and awaiting_description = ? and user_id is not null", false
+ ],
+ :include => [ :user ]
+ )
for info_request in info_requests
alert_event_id = info_request.last_event_forming_initial_request.id
# Only overdue requests
diff --git a/app/views/admin_public_body/show.rhtml b/app/views/admin_public_body/show.rhtml
index 643ccf5e8..fa17d4027 100644
--- a/app/views/admin_public_body/show.rhtml
+++ b/app/views/admin_public_body/show.rhtml
@@ -49,7 +49,7 @@
<th>Updated at</th>
<%
history_columns = PublicBody.content_columns + [] # force dup
- history_columns.delete_if {|c| ['created_at', 'updated_at', 'first_letter'].include?(c.name)}
+ history_columns.delete_if {|c| ['created_at', 'updated_at', 'first_letter', 'api_key'].include?(c.name)}
for column in history_columns %>
<th><%= column.human_name %></th>
<% end %>
diff --git a/app/views/admin_request/_some_requests.rhtml b/app/views/admin_request/_some_requests.rhtml
index f2b8e7bea..dc11e0f55 100644
--- a/app/views/admin_request/_some_requests.rhtml
+++ b/app/views/admin_request/_some_requests.rhtml
@@ -12,7 +12,15 @@
<tr class="<%= cycle('odd', 'even') %>">
<td><%= request_both_links(info_request) %></td>
<td><%= public_body_both_links(info_request.public_body) %></td>
- <td><%= user_both_links(info_request.user) %></td>
+ <% if info_request.is_external? %>
+ <% if info_request.external_user_name.nil? %>
+ <td><i><%= _("Anonymous user") %></i></td>
+ <% else %>
+ <td><%= h(info_request.external_user_name) %></td>
+ <% end %>
+ <% else %>
+ <td><%= user_both_links(info_request.user) %></td>
+ <% end %>
<% for column in InfoRequest.content_columns.map { |c| c.name } - [ "title", "url_title" ] %>
<td><%=h info_request.send(column) %></td>
<% end %>
diff --git a/app/views/request/_request_listing_short_via_event.rhtml b/app/views/request/_request_listing_short_via_event.rhtml
index cc2a5a162..d93a91070 100644
--- a/app/views/request/_request_listing_short_via_event.rhtml
+++ b/app/views/request/_request_listing_short_via_event.rhtml
@@ -7,7 +7,7 @@ end %>
<p>
<%= _('To {{public_body_link_absolute}}',:public_body_link_absolute => public_body_link_absolute(info_request.public_body))%>
-<%= _('by {{user_link_absolute}}',:user_link_absolute => user_link_absolute(info_request.user))%>
+<%= _('by {{user_link_absolute}}',:user_link_absolute => request_user_link_absolute(info_request))%>
<%= simple_date(info_request.created_at) %>
</p>
</div>
diff --git a/app/views/request/_request_listing_via_event.rhtml b/app/views/request/_request_listing_via_event.rhtml
index 7a211ed88..e3abfe393 100644
--- a/app/views/request/_request_listing_via_event.rhtml
+++ b/app/views/request/_request_listing_via_event.rhtml
@@ -17,13 +17,13 @@ end %>
</span>
<div class="requester">
<% if event.event_type == 'sent' %>
- <%= _('Request sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:date=>simple_date(event.created_at )) %>
+ <%= _('Request sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at )) %>
<% elsif event.event_type == 'followup_sent' %>
<%=event.display_status %>
- <%= _('sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:date=>simple_date(event.created_at )) %>
+ <%= _('sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at )) %>
<% elsif event.event_type == 'response' %>
<%=event.display_status %>
- <%= _('by {{public_body_name}} to {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:date=>simple_date(event.created_at )) %>
+ <%= _('by {{public_body_name}} to {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at )) %>
<% elsif event.event_type == 'comment' %>
<%= _('Request to {{public_body_name}} by {{info_request_user}}. Annotated by {{event_comment_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:event_comment_user=>user_link_absolute(event.comment.user),:date=>simple_date(event.created_at)) %>
<% else %>
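Review bot: The `comment` branch on line 508 still calls `user_link_absolute(info_request.user)`, while the three branches above it were switched to `request_user_link_absolute(info_request)`; for an external request, whose `user` is nil by this diff's definition of `is_external?`, the first annotation added to it will make this partial raise NoMethodError. Change it to `:info_request_user=>request_user_link_absolute(info_request)` like its siblings.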
diff --git a/app/views/request/_sidebar.rhtml b/app/views/request/_sidebar.rhtml
index d6d5e8f12..d20e27e23 100644
--- a/app/views/request/_sidebar.rhtml
+++ b/app/views/request/_sidebar.rhtml
@@ -23,7 +23,7 @@
<p><%= _('This request has been marked for review by the site administrators, who have not hidden it at this time. If you believe it should be hidden, please <a href="%s">contact us</a>.') % [help_requesting_path] %></p>
<% end %>
<% else %>
- <p><%= _('Requests for personal information and vexatious requests are not considered valid for FOI purposes (<a href="/help/about">read more</a>).') %>
+ <p><%= _('Requests for personal information and vexatious requests are not considered valid for FOI purposes (<a href="/help/about">read more</a>).') %></p>
<p><%= ('If you believe this request is not suitable, you can report it for attention by the site administrators') %></p>
<%= link_to _("Report this request"), report_path, :class => "link_button_green", :method => "POST" %>
<% end %>
diff --git a/app/views/request_mailer/external_response.rhtml b/app/views/request_mailer/external_response.rhtml
new file mode 100644
index 000000000..e9858f03f
--- /dev/null
+++ b/app/views/request_mailer/external_response.rhtml
@@ -0,0 +1 @@
+<%=@body%>
diff --git a/app/views/request_mailer/new_response_reminder_alert.rhtml b/app/views/request_mailer/new_response_reminder_alert.rhtml
index 5f07e8559..86fc71de7 100644
--- a/app/views/request_mailer/new_response_reminder_alert.rhtml
+++ b/app/views/request_mailer/new_response_reminder_alert.rhtml
@@ -1,4 +1,4 @@
-<%=_('To let us know, follow this link and then select the appropriate box.')%>
+<%=_('To let everyone know, follow this link and then select the appropriate box.')%>
<%=@url%>