6 files changed, 129 insertions, 6 deletions

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index edde31749..7be9fa963 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: user_controller.rb,v 1.35 2008-03-06 14:15:41 francis Exp $
+# $Id: user_controller.rb,v 1.36 2008-03-12 13:01:04 francis Exp $
 
 class UserController < ApplicationController
     # Show page about a set of users with same url name
@@ -165,6 +165,46 @@ class UserController < ApplicationController
         end
     end
 
+    # Send a message to another user
+    def contact
+        @recipient_user = User.find(params[:id])
+
+        # You *must* be logged into send a message to another user. (This is
+        # partly to avoid spam, and partly to have some equanimity of openess
+        # between the two users)
+        if not authenticated?(
+                :web => "To send a message to " + CGI.escapeHTML(@recipient_user.name),
+                :email => "Then you can send a message to " + @recipient_user.name + ".",
+                :email_subject => "Send a message to " + @recipient_user.name
+            )
+            # "authenticated?" has done the redirect to signin page for us
+            return
+        end
+
+        if params[:submitted_contact_form]
+            params[:contact][:name] = @user.name
+            params[:contact][:email] = @user.email
+            @contact = ContactValidator.new(params[:contact])
+            if @contact.valid?
+                ContactMailer.deliver_user_message(
+                    @user,
+                    @recipient_user,
+                    main_url(user_url(@recipient_user)),
+                    params[:contact][:subject],
+                    params[:contact][:message]
+                )
+                flash[:notice] = "Your message to " + CGI.escapeHTML(@recipient_user.name) + " has been sent!"
+                redirect_to user_url(@recipient_user)
+                return
+            end
+        else
+            @contact = ContactValidator.new(
+                { :message => "" + @recipient_user.name + ",\n\n\n\nYours,\n\n" + @user.name }
+            )
+        end
+  
+    end
+
 
     private
 
diff --git a/app/models/contact_mailer.rb b/app/models/contact_mailer.rb
index 77854a4ef..de6a6ee58 100644
--- a/app/models/contact_mailer.rb
+++ b/app/models/contact_mailer.rb
@@ -4,9 +4,11 @@
 # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: contact_mailer.rb,v 1.3 2008-02-20 12:51:29 francis Exp $
+# $Id: contact_mailer.rb,v 1.4 2008-03-12 13:01:04 francis Exp $
 
 class ContactMailer < ApplicationMailer
+
+    # Send message to administrator
     def message(name, email, subject, message, request_details)
         @from = name + " <" + email + ">"
         @recipients = contact_from_name_and_email
@@ -15,4 +17,22 @@ class ContactMailer < ApplicationMailer
             :request_details => request_details 
         }
     end
+
+    # Send message to another user
+    def user_message(from_user, recipient_user, recipient_url,subject, message)
+        @from = from_user.name_and_email
+        # Do not set envelope from address to the from_user, so they can't get
+        # someone's email addresses from transitory bounce messages.
+        headers 'Sender' => contact_from_name_and_email,  # XXX perhaps change to being a black hole
+                'Reply-To' => @from
+        @recipients = recipient_user.name_and_email
+        @subject = subject
+        @body = { 
+            :message => message,
+            :from_user => from_user,
+            :recipient_user => recipient_user,
+            :recipient_url => recipient_url
+        }
+    end
+
 end
diff --git a/app/views/contact_mailer/user_message.rhtml b/app/views/contact_mailer/user_message.rhtml
new file mode 100644
index 000000000..88e4dd05b
--- /dev/null
+++ b/app/views/contact_mailer/user_message.rhtml
@@ -0,0 +1,14 @@
+Hi <%=@recipient_user.name%>,
+
+<%=@from_user.name%> has used WhatDoTheyKnow to send you the message below.
+Your details have not been given to anyone, unless you choose to reply to this
+message, which will then go directly to the person who wrote the message.
+
+See the Freedom of Information requests that they have made: 
+<%= @recipient_url %>
+
+-- the WhatDoTheyKnow team
+
+---------------------------------------------------------------------
+
+<%= @message.strip %>
diff --git a/app/views/help/contact.rhtml b/app/views/help/contact.rhtml
index 785b2eca0..1b8e7f246 100644
--- a/app/views/help/contact.rhtml
+++ b/app/views/help/contact.rhtml
@@ -47,7 +47,7 @@
 
     <div class="form_button">
         <%= hidden_field_tag(:submitted_contact_form, { :value => 1 } ) %>
-        <%= submit_tag "Submit" %>
+        <%= submit_tag "Send message" %>
     </div>
 
 <% end %>
diff --git a/app/views/user/contact.rhtml b/app/views/user/contact.rhtml
new file mode 100644
index 000000000..d7cac2a4d
--- /dev/null
+++ b/app/views/user/contact.rhtml
@@ -0,0 +1,47 @@
+<% @title = "Contact " + h(@recipient_user.name) %>
+
+<% if not @user %>
+    <% raise "You need to be logged in" %>
+<% end %>
+
+<%= foi_error_messages_for :contact %>
+
+<% form_for :contact do |f| %>
+
+    <div class="form_note">
+        <h1>Contact <%=h @recipient_user.name%></h1>
+    </div>
+
+    <p>
+        <label class="form_label">From:</label> 
+        <%= h(@user.name_and_email) %>
+    </p>
+
+    <p>
+        <label class="form_label" for="contact_subject">Subject:</label> 
+        <%= f.text_field :subject, :size => 50 %>
+    </p>
+
+    <p>
+        <label class="form_label" for="outgoing_message_body">Message:</label> 
+        <%= f.text_area :message, :rows => 10, :cols => 50 %>
+    </p>
+
+    <p class="form_note">
+        <% if @user == @recipient_user %>
+            <strong>Note:</strong> You're sending a message to yourself, presumably
+            to try out how it works.
+        <% else %>
+            <strong>Privacy note:</strong> Your email address will be given to
+            <%= user_link(@recipient_user) %> when you send this message.
+        <% end %>
+    </p>
+
+    <div class="form_button">
+        <%= hidden_field_tag(:submitted_contact_form, { :value => 1 } ) %>
+        <%= submit_tag "Send message" %>
+    </div>
+
+<% end %>
+
+
diff --git a/app/views/user/show.rhtml b/app/views/user/show.rhtml
index 582e79703..66c707433 100644
--- a/app/views/user/show.rhtml
+++ b/app/views/user/show.rhtml
@@ -9,14 +9,16 @@
         <h1><%=@title%></h1>
         <p class="subtitle">Joined on <%= simple_date(display_user.created_at) %></p>
 
+        <p><%= link_to "Send message to " + h(display_user.name), contact_user_url(:id => display_user.id) %></p>
+
         <% if display_user.info_requests.empty? %>
             <p><%= display_user == @user ? 'You have' : 'This person has' %>
             made no Freedom of Information requests using this site.</p>
 
         <% else %>
-            <p><%= display_user == @user ? 'You have' : 'This person has' %>
-            made <%=pluralize(display_user.info_requests.size, "Freedom of Information request") %>
-            using this site.</p>
+            <h2>
+            <%=pluralize(display_user.info_requests.size, "Freedom of Information request") %>
+            </h2>
 
             <%= render :partial => 'request/request_listing', :locals => { :info_requests => display_user.info_requests.sort { |a,b| b.created_at <=> a.created_at } } %>
         <% end %>