From 0bb0c97831d22a8ad29fd4c4a9217327c77dfcfd Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Wed, 14 Aug 2013 11:29:55 +0100 Subject: Add new code and specs for hiding attachments. --- app/controllers/request_controller.rb | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 0c1d9880c..6a927d327 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -683,9 +683,13 @@ class RequestController < ApplicationController @info_request = incoming_message.info_request # used by view return render_hidden end + if !incoming_message.user_can_view?(authenticated_user) + @incoming_message = incoming_message # used by view + return render_hidden_message + end # Is this a completely public request that we can cache attachments for # to be served up without authentication? - if incoming_message.info_request.all_can_view? + if incoming_message.info_request.all_can_view? && incoming_message.all_can_view? @files_can_be_cached = true end end @@ -945,5 +949,14 @@ class RequestController < ApplicationController false end + def render_hidden_message + respond_to do |format| + response_code = 410 # gone + format.html{ render :template => 'request/hidden_correspondence', :status => response_code } + format.any{ render :nothing => true, :status => response_code } + end + false + end + end -- cgit v1.2.3 From e668912be052da6933289a692d8ec3b86bae5a82 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Mon, 19 Aug 2013 15:59:06 +0100 Subject: Reorder assigns Split into those that come from request params and those that come from the model --- app/controllers/request_controller.rb | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 6a927d327..515c7ac5a 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -63,26 +63,32 @@ class RequestController < ApplicationController # Look up by new style text names @info_request = InfoRequest.find_by_url_title!(params[:url_title]) - set_last_request(@info_request) # Test for whole request being hidden if !@info_request.user_can_view?(authenticated_user) return render_hidden end - # Other parameters - @info_request_events = @info_request.info_request_events - @status = @info_request.calculate_status - @collapse_quotes = params[:unfold] ? false : true + set_last_request(@info_request) + # assign variables from request parameters + @collapse_quotes = params[:unfold] ? false : true # Don't allow status update on external requests, otherwise accept param if @info_request.is_external? @update_status = false else @update_status = params[:update_status] ? true : false end + + # Other parameters + @info_request_events = @info_request.info_request_events + @status = @info_request.calculate_status @old_unclassified = @info_request.is_old_unclassified? && !authenticated_user.nil? @is_owning_user = @info_request.is_owning_user?(authenticated_user) + @last_info_request_event_id = @info_request.last_event_id_needing_description + @new_responses_count = @info_request.events_needing_description.select {|i| i.event_type == 'response'}.size + # For send followup link at bottom + @last_response = @info_request.get_last_response if @update_status return if !@is_owning_user && !authenticated_as_user?(@info_request.user, @@ -92,10 +98,6 @@ class RequestController < ApplicationController ) end - - @last_info_request_event_id = @info_request.last_event_id_needing_description - @new_responses_count = @info_request.events_needing_description.select {|i| i.event_type == 'response'}.size - # Sidebar stuff # ... requests that have similar imporant terms begin @@ -106,13 +108,11 @@ class RequestController < ApplicationController rescue @xapian_similar = nil end - # Track corresponding to this page @track_thing = TrackThing.create_track_for_request(@info_request) @feed_autodetect = [ { :url => do_track_url(@track_thing, 'feed'), :title => @track_thing.params[:title_in_rss], :has_json => true } ] - # For send followup link at bottom - @last_response = @info_request.get_last_response + respond_to do |format| format.html { @has_json = true; render :template => 'request/show'} format.json { render :json => @info_request.json_for_api(true) } -- cgit v1.2.3 From 5f964420b0b66cc2acd93a866e3671c32cc42d91 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Wed, 21 Aug 2013 10:46:50 +0100 Subject: Extract the various info_request assigns So we can reuse them when rendering the show template to a file. Lots of the sidebar prep isn't going to be needed for that view, so make that optional in the template. --- app/controllers/request_controller.rb | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 515c7ac5a..6f1a549c5 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -80,15 +80,7 @@ class RequestController < ApplicationController @update_status = params[:update_status] ? true : false end - # Other parameters - @info_request_events = @info_request.info_request_events - @status = @info_request.calculate_status - @old_unclassified = @info_request.is_old_unclassified? && !authenticated_user.nil? - @is_owning_user = @info_request.is_owning_user?(authenticated_user) - @last_info_request_event_id = @info_request.last_event_id_needing_description - @new_responses_count = @info_request.events_needing_description.select {|i| i.event_type == 'response'}.size - # For send followup link at bottom - @last_response = @info_request.get_last_response + assign_variables_for_show_template(@info_request) if @update_status return if !@is_owning_user && !authenticated_as_user?(@info_request.user, @@ -99,6 +91,7 @@ class RequestController < ApplicationController end # Sidebar stuff + @sidebar = true # ... requests that have similar imporant terms begin limit = 10 @@ -958,5 +951,18 @@ class RequestController < ApplicationController false end + def assign_variables_for_show_template(info_request) + # Other parameters + @info_request_events = info_request.info_request_events + @status = info_request.calculate_status + @old_unclassified = info_request.is_old_unclassified? && !authenticated_user.nil? + @is_owning_user = info_request.is_owning_user?(authenticated_user) + @last_info_request_event_id = info_request.last_event_id_needing_description + @new_responses_count = info_request.events_needing_description.select {|i| i.event_type == 'response'}.size + # For send followup link at bottom + @last_response = info_request.get_last_response + end + + end -- cgit v1.2.3 From 8eab413902f58ca3b812f8ecfb73de731b7f244b Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Wed, 21 Aug 2013 10:48:15 +0100 Subject: Extract out code for making a request summary file Render the show template within the current thread rather than making another request - we're going to need to use the current session in order to know what do include in the zip file, now that we have more fine-grained visibility of messages. Also, this will mean we can use this functionality in single threaded contexts, and test it more easily. Don't display profile photos as this would require another process, and hide other icons so we don't need to include them. Use render_to_string as a more standard way of rendering templates to a string for further manipulation. --- app/controllers/request_controller.rb | 62 ++++++++++++++++++++--------------- 1 file changed, 36 insertions(+), 26 deletions(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 6f1a549c5..9dff180d6 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -888,32 +888,10 @@ class RequestController < ApplicationController if !File.exists?(file_path) FileUtils.mkdir_p(File.dirname(file_path)) Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) { |zipfile| - convert_command = AlaveteliConfiguration::html_to_pdf_command - done = false - if !convert_command.blank? && File.exists?(convert_command) - url = "http://#{AlaveteliConfiguration::domain}#{request_path(@info_request)}?print_stylesheet=1" - tempfile = Tempfile.new('foihtml2pdf') - output = AlaveteliExternalCommand.run(convert_command, url, tempfile.path) - if !output.nil? - zipfile.get_output_stream("correspondence.pdf") { |f| - f.puts(File.open(tempfile.path).read) - } - done = true - else - logger.error("Could not convert info request #{@info_request.id} to PDF with command '#{convert_command} #{url} #{tempfile.path}'") - end - tempfile.close - else - logger.warn("No HTML -> PDF converter found at #{convert_command}") - end - if !done - @info_request_events = @info_request.info_request_events - template = File.read(File.join(File.dirname(__FILE__), "..", "views", "request", "simple_correspondence.html.erb")) - output = ERB.new(template).result(binding) - zipfile.get_output_stream("correspondence.txt") { |f| - f.puts(output) - } - end + + file_info = make_request_summary_file(@info_request) + zipfile.get_output_stream(file_info[:filename]) { |f| f.puts(file_info[:data]) } + for message in @info_request.incoming_messages attachments = message.get_attachments_for_display for attachment in attachments @@ -963,6 +941,38 @@ class RequestController < ApplicationController @last_response = info_request.get_last_response end + def make_request_summary_file(info_request) + done = false + convert_command = AlaveteliConfiguration::html_to_pdf_command + assign_variables_for_show_template(info_request) + if !convert_command.blank? && File.exists?(convert_command) + @render_to_file = true + html_output = render_to_string(:template => 'request/show') + tmp_input = Tempfile.new(['foihtml2pdf-input', '.html']) + tmp_input.write(html_output) + tmp_input.close + tmp_output = Tempfile.new('foihtml2pdf-output') + output = AlaveteliExternalCommand.run(convert_command, tmp_input.path, tmp_output.path) + if !output.nil? + file_info = { :filename => 'correspondence.pdf', + :data => File.open(tmp_output.path).read } + done = true + else + logger.error("Could not convert info request #{@info_request.id} to PDF with command '#{convert_command} #{tmp_input.path} #{tmp_output.path}'") + end + tmp_output.close + tmp_input.delete + tmp_output.delete + else + logger.warn("No HTML -> PDF converter found at #{convert_command}") + end + if !done + file_info = { :filename => 'correspondence.txt', + :data => render_to_string(:template => 'request/simple_correspondence.html.erb', + :layout => false) } + end + file_info + end end -- cgit v1.2.3 From 41427a5857c008f09c62cc53ddbd80de36e4e3c2 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Mon, 19 Aug 2013 16:35:02 +0100 Subject: Extract calculation of last update hash --- app/controllers/request_controller.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 9dff180d6..5ca7c431d 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -879,10 +879,9 @@ class RequestController < ApplicationController :email_subject => _("Log in to download a zip file of {{info_request_title}}", :info_request_title=>@info_request.title) ) - updated = Digest::SHA1.hexdigest(@info_request.info_request_events.last.created_at.to_i.to_s + @info_request.updated_at.to_i.to_s) @url_path = File.join("/download", request_dirs(@info_request), - updated, + @info_request.last_update_hash, "#{params[:url_title]}.zip") file_path = File.expand_path(File.join(download_zip_dir(), @url_path)) if !File.exists?(file_path) -- cgit v1.2.3 From d65804b7d8d2138b4570b26449321e1a9bb847fb Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Wed, 21 Aug 2013 14:01:22 +0100 Subject: Remove hidden incoming messages from correspondence.txt Adds a spec for what we want to see - no message text in correspondence.txt, and no attachments. Refactors the simple_correspondence templates to make it clearer that these are doing the same job as the html.erb ones, for text. --- app/controllers/request_controller.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 5ca7c431d..86ee4552d 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -892,6 +892,7 @@ class RequestController < ApplicationController zipfile.get_output_stream(file_info[:filename]) { |f| f.puts(file_info[:data]) } for message in @info_request.incoming_messages + next unless message.user_can_view?(authenticated_user) attachments = message.get_attachments_for_display for attachment in attachments filename = "#{attachment.url_part_number}_#{attachment.display_filename}" @@ -967,7 +968,7 @@ class RequestController < ApplicationController end if !done file_info = { :filename => 'correspondence.txt', - :data => render_to_string(:template => 'request/simple_correspondence.html.erb', + :data => render_to_string(:template => 'request/show.text.erb', :layout => false) } end file_info -- cgit v1.2.3 From 5b42308b116ee0bbdecf3f1c0e1c5f0c0e25b757 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Wed, 21 Aug 2013 14:19:44 +0100 Subject: Move zip file creation to its own method. --- app/controllers/request_controller.rb | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 86ee4552d..17b836f8f 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -886,22 +886,7 @@ class RequestController < ApplicationController file_path = File.expand_path(File.join(download_zip_dir(), @url_path)) if !File.exists?(file_path) FileUtils.mkdir_p(File.dirname(file_path)) - Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) { |zipfile| - - file_info = make_request_summary_file(@info_request) - zipfile.get_output_stream(file_info[:filename]) { |f| f.puts(file_info[:data]) } - - for message in @info_request.incoming_messages - next unless message.user_can_view?(authenticated_user) - attachments = message.get_attachments_for_display - for attachment in attachments - filename = "#{attachment.url_part_number}_#{attachment.display_filename}" - zipfile.get_output_stream(filename) { |f| - f.puts(attachment.body) - } - end - end - } + make_request_zip(info_request, file_path) File.chmod(0644, file_path) end redirect_to @url_path @@ -941,6 +926,20 @@ class RequestController < ApplicationController @last_response = info_request.get_last_response end + def make_request_zip(info_request, file_path) + Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) do |zipfile| + file_info = make_request_summary_file(info_request) + zipfile.get_output_stream(file_info[:filename]) { |f| f.puts(file_info[:data]) } + info_request.incoming_messages.each do |message| + next unless message.user_can_view?(authenticated_user) + message.get_attachments_for_display.each do |attachment| + filename = "#{attachment.url_part_number}_#{attachment.display_filename}" + zipfile.get_output_stream(filename) { |f| f.puts(attachment.body) } + end + end + end + end + def make_request_summary_file(info_request) done = false convert_command = AlaveteliConfiguration::html_to_pdf_command -- cgit v1.2.3 From 28afa5f085b17ba74f009aeb8a78520a32f0e47b Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Wed, 21 Aug 2013 14:21:46 +0100 Subject: Make sure that info_request gets assigned to the view This should be handled by assign_variables_for_show_template. Otherwise, the make_request_summary_file method shouldn't depend on instance variables --- app/controllers/request_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 17b836f8f..0180ad840 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -915,7 +915,7 @@ class RequestController < ApplicationController end def assign_variables_for_show_template(info_request) - # Other parameters + @info_request = info_request @info_request_events = info_request.info_request_events @status = info_request.calculate_status @old_unclassified = info_request.is_old_unclassified? && !authenticated_user.nil? @@ -957,7 +957,7 @@ class RequestController < ApplicationController :data => File.open(tmp_output.path).read } done = true else - logger.error("Could not convert info request #{@info_request.id} to PDF with command '#{convert_command} #{tmp_input.path} #{tmp_output.path}'") + logger.error("Could not convert info request #{info_request.id} to PDF with command '#{convert_command} #{tmp_input.path} #{tmp_output.path}'") end tmp_output.close tmp_input.delete -- cgit v1.2.3 From fd0c811cc4e01435ca89a419a521f6ac31a858b1 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Thu, 22 Aug 2013 15:23:46 +0100 Subject: Restore the download for hidden requests This was disabled for hidden requests as the download was by redirect, allowing people who have not been authenticated to conceivably access the download. We'll be moving to send_file instead, so can restore it. --- app/controllers/request_controller.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 0180ad840..8b978cc01 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -868,10 +868,6 @@ class RequestController < ApplicationController @locale = self.locale_from_params() I18n.with_locale(@locale) do @info_request = InfoRequest.find_by_url_title!(params[:url_title]) - # Test for whole request being hidden or requester-only - if !@info_request.all_can_view? - return render_hidden - end if authenticated?( :web => _("To download the zip file"), :email => _("Then you can download a zip file of {{info_request_title}}.", @@ -879,6 +875,10 @@ class RequestController < ApplicationController :email_subject => _("Log in to download a zip file of {{info_request_title}}", :info_request_title=>@info_request.title) ) + # Test for whole request being hidden or requester-only + if !@info_request.user_can_view?(@user) + return render_hidden + end @url_path = File.join("/download", request_dirs(@info_request), @info_request.last_update_hash, -- cgit v1.2.3 From d3df251a8033b92ad89725a2a3fea91acdd7843d Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Thu, 22 Aug 2013 16:23:59 +0100 Subject: Move some download methods to InfoRequest. Use send_file to send zips. Also adds 'all_can_view_all_correspondence?' - is this request completely cachable, or do we need to cache different versions for different levels of privilege? --- app/controllers/request_controller.rb | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 8b978cc01..e1fbb6a68 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -879,17 +879,13 @@ class RequestController < ApplicationController if !@info_request.user_can_view?(@user) return render_hidden end - @url_path = File.join("/download", - request_dirs(@info_request), - @info_request.last_update_hash, - "#{params[:url_title]}.zip") - file_path = File.expand_path(File.join(download_zip_dir(), @url_path)) - if !File.exists?(file_path) - FileUtils.mkdir_p(File.dirname(file_path)) - make_request_zip(info_request, file_path) - File.chmod(0644, file_path) + cache_file_path = @info_request.make_zip_cache_path(@user) + if !File.exists?(cache_file_path) + FileUtils.mkdir_p(File.dirname(cache_file_path)) + make_request_zip(@info_request, cache_file_path) + File.chmod(0644, cache_file_path) end - redirect_to @url_path + send_file(cache_file_path, :filename => "#{@info_request.url_title}.zip") end end end -- cgit v1.2.3 From 7cf64ac6665c8349c8b31120d6e22b800b99c3ab Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Tue, 27 Aug 2013 14:32:48 +0100 Subject: Shorter way of getting text template. --- app/controllers/request_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index e1fbb6a68..a09939509 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -963,7 +963,7 @@ class RequestController < ApplicationController end if !done file_info = { :filename => 'correspondence.txt', - :data => render_to_string(:template => 'request/show.text.erb', + :data => render_to_string(:template => 'request/show.text', :layout => false) } end file_info -- cgit v1.2.3 From bc743d9fc8c8f740f37b91cbe374c6ae20b10619 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Tue, 27 Aug 2013 16:13:02 +0100 Subject: Add public criteria for message event access methods get_last_response_event and get_last_outgoing_event are used in various places to determine which events to link to, use in queries etc. Restrict them to refer to the last publicly visible event of the relevant type, and rename them to make that clear. --- app/controllers/request_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index a09939509..ac92801b9 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -919,7 +919,7 @@ class RequestController < ApplicationController @last_info_request_event_id = info_request.last_event_id_needing_description @new_responses_count = info_request.events_needing_description.select {|i| i.event_type == 'response'}.size # For send followup link at bottom - @last_response = info_request.get_last_response + @last_response = info_request.get_last_public_response end def make_request_zip(info_request, file_path) -- cgit v1.2.3 From 661a103922279f05ad5027d0dfabc8a0ff649e92 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Wed, 28 Aug 2013 12:54:48 +0100 Subject: Add message index to attachment files So that files attached to different messages with the same name and url_part don't get overwritten. --- app/controllers/request_controller.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index ac92801b9..e5950c41d 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -926,10 +926,12 @@ class RequestController < ApplicationController Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) do |zipfile| file_info = make_request_summary_file(info_request) zipfile.get_output_stream(file_info[:filename]) { |f| f.puts(file_info[:data]) } + message_index = 0 info_request.incoming_messages.each do |message| next unless message.user_can_view?(authenticated_user) + message_index += 1 message.get_attachments_for_display.each do |attachment| - filename = "#{attachment.url_part_number}_#{attachment.display_filename}" + filename = "#{message_index}_#{attachment.url_part_number}_#{attachment.display_filename}" zipfile.get_output_stream(filename) { |f| f.puts(attachment.body) } end end -- cgit v1.2.3 From 56ce526acdcb1b5493bc11f14b751b5c3f02f686 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Wed, 28 Aug 2013 12:59:16 +0100 Subject: No need to set permissions on file now. Either rails or the webserver will be sending it, we're not redirecting anymore. --- app/controllers/request_controller.rb | 1 - 1 file changed, 1 deletion(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index e5950c41d..e7905e505 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -883,7 +883,6 @@ class RequestController < ApplicationController if !File.exists?(cache_file_path) FileUtils.mkdir_p(File.dirname(cache_file_path)) make_request_zip(@info_request, cache_file_path) - File.chmod(0644, cache_file_path) end send_file(cache_file_path, :filename => "#{@info_request.url_title}.zip") end -- cgit v1.2.3 From a176da3b7611153421fc6a33bb502297ae50a0e2 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Mon, 16 Sep 2013 12:55:39 +0100 Subject: Use 403, not 410, for hidden items. As @mhl points out, this more clearly indicates that they may come back at some point. --- app/controllers/request_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index e7905e505..cd416a0c4 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -893,7 +893,7 @@ class RequestController < ApplicationController def render_hidden respond_to do |format| - response_code = 410 # gone + response_code = 403 # forbidden format.html{ render :template => 'request/hidden', :status => response_code } format.any{ render :nothing => true, :status => response_code } end @@ -902,7 +902,7 @@ class RequestController < ApplicationController def render_hidden_message respond_to do |format| - response_code = 410 # gone + response_code = 403 # forbidden format.html{ render :template => 'request/hidden_correspondence', :status => response_code } format.any{ render :nothing => true, :status => response_code } end -- cgit v1.2.3 From c1a06b2861ea0b071c7fec090afef32291221fb7 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Wed, 18 Sep 2013 16:33:47 +0100 Subject: Remove extra "is invalid" message. Fixes #1101. --- app/controllers/request_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 82697b792..b2d228494 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -297,7 +297,7 @@ class RequestController < ApplicationController # We don't want the error "Outgoing messages is invalid", as in this # case the list of errors will also contain a more specific error # describing the reason it is invalid. - @info_request.errors.delete("outgoing_messages") + @info_request.errors.delete(:outgoing_messages) render :action => 'new' return -- cgit v1.2.3 From 57839951c8c0ffd6074d0c54be0c9dda874b2cbe Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Thu, 19 Sep 2013 12:33:55 +0100 Subject: Revert "No need to set permissions on file now." In fact, we do still need to set permissions. This reverts commit 56ce526acdcb1b5493bc11f14b751b5c3f02f686. --- app/controllers/request_controller.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'app/controllers/request_controller.rb') diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index b2d228494..388473b51 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -883,6 +883,7 @@ class RequestController < ApplicationController if !File.exists?(cache_file_path) FileUtils.mkdir_p(File.dirname(cache_file_path)) make_request_zip(@info_request, cache_file_path) + File.chmod(0644, cache_file_path) end send_file(cache_file_path, :filename => "#{@info_request.url_title}.zip") end -- cgit v1.2.3