From 21e17c404bfd4ab900045589a751c7010e223609 Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Thu, 29 May 2014 10:52:23 +0200
Subject: Redirect to the frontpage rather than error on invalid params Fixes #1448.
---
 app/controllers/request_controller.rb | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index d66c28275..125791ef8 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -303,6 +303,12 @@ class RequestController < ApplicationController
 return render_new_compose(batch=false)
 end
+ # Check we have :public_body_id - spammers seem to be using :public_body
+ # erroneously instead
+ if params[:info_request][:public_body_id].blank?
+ redirect_to frontpage_path && return
+ end
+
 # See if the exact same request has already been submitted
 # XXX this check should theoretically be a validation rule in the
 # model, except we really want to pass @existing_request to the view so
--
cgit v1.2.3
From 2b39b1f0cc5a04247abc938dda551e78c5f5cf9e Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Mon, 2 Jun 2014 17:49:45 +0100
Subject: Fix operator precedence Was switched to && for style but in fact for control flow, and is what we want.
---
 app/controllers/request_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 125791ef8..55a03e7b4 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
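Review bot: In the `@@ -303,6 +303,12 @@` hunk, the new guard indexes `params[:info_request][:public_body_id]` without first checking that `params[:info_request]` is present, so a submission that omits `:info_request` altogether would presumably still raise on `nil` instead of redirecting, which is the same kind of malformed spam input the commit sets out to absorb. Consider `if params[:info_request].blank? || params[:info_request][:public_body_id].blank?`; whether an earlier line of the action already guarantees the key cannot be told from here, because the enclosing method starts and ends outside the hunk. The later `InfoRequest.find_existing(...)` call visible further down this page reads `params[:outgoing_message][:body]` the same way and would benefit from the same presence check. Logging or counting the rejected submissions at this branch would also keep the spam pattern visible to operators rather than silently redirecting it away.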
@@ -306,7 +306,7 @@ class RequestController < ApplicationController
 # Check we have :public_body_id - spammers seem to be using :public_body
 # erroneously instead
 if params[:info_request][:public_body_id].blank?
- redirect_to frontpage_path && return
+ redirect_to frontpage_path and return
 end
 # See if the exact same request has already been submitted
--
cgit v1.2.3
From 42870985da06418461c847563fa860c11b4094a1 Mon Sep 17 00:00:00 2001
From: Gareth Rees
Date: Tue, 10 Jun 2014 10:04:29 +0100
Subject: Rename XXX comments with TODO: Picks these up in `rake notes` and adds semantic meaning
---
 app/controllers/request_controller.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 55a03e7b4..6281959fb 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -310,7 +310,7 @@ class RequestController < ApplicationController
 end
 # See if the exact same request has already been submitted
- # XXX this check should theoretically be a validation rule in the
+ # TODO: this check should theoretically be a validation rule in the
 # model, except we really want to pass @existing_request to the view so
 # it can link to it.
 @existing_request = InfoRequest.find_existing(params[:info_request][:title], params[:info_request][:public_body_id], params[:outgoing_message][:body])
@@ -365,7 +365,7 @@ class RequestController < ApplicationController
 end
 # This automatically saves dependent objects, such as @outgoing_message, in the same transaction
 @info_request.save!
- # XXX send_message needs the database id, so we send after saving, which isn't ideal if the request broke here.
+ # TODO: send_message needs the database id, so we send after saving, which isn't ideal if the request broke here.
 @outgoing_message.send_message
 flash[:notice] = _("
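Review bot: In the `@@ -306,7 +306,7 @@` hunk, `redirect_to frontpage_path and return` is correct only because `and` binds more loosely than the method call, and nothing on the line tells the next reader or a style autocorrect that the operator is load-bearing; the removed `&&` form parsed as `redirect_to(frontpage_path && return)` and returned before any redirect was issued. Writing it as two statements, `redirect_to frontpage_path` followed by `return`, or as `return redirect_to(frontpage_path)`, removes the dependency on precedence and on `redirect_to` returning a truthy value. If the `and` form is kept, a short comment such as `# 'and' is deliberate: '&&' binds tighter and would return before redirecting` would prevent a repeat. A controller spec that posts without `:public_body_id` and asserts the redirect would pin the behaviour; the enclosing action starts and ends outside the hunk.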

Your {{law_used_full}} request has been sent on its way!

We will email you when there is a response, or after {{late_number_of_days}} working days if the authority still hasn't
@@ -543,7 +543,7 @@ class RequestController < ApplicationController
 elsif @info_request_event.is_outgoing_message?
 redirect_to outgoing_message_url(@info_request_event.outgoing_message), :status => :moved_permanently
 else
- # XXX maybe there are better URLs for some events than this
+ # TODO: maybe there are better URLs for some events than this
 redirect_to request_url(@info_request_event.info_request), :status => :moved_permanently
 end
 end
@@ -1012,7 +1012,7 @@ class RequestController < ApplicationController
 params[:info_request][:public_body] = PublicBody.find(params[:url_name])
 else
 public_body = PublicBody.find_by_url_name_with_historic(params[:url_name])
- raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # XXX proper 404
+ raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # TODO: proper 404
 params[:info_request][:public_body] = public_body
 end
 elsif params[:public_body_id]
--
cgit v1.2.3
From cbc2b6b89b7f8211a032647096a95c0dbabc0647 Mon Sep 17 00:00:00 2001
From: Gareth Rees
Date: Thu, 22 May 2014 15:20:03 +0100
Subject: Reword View Requests to Browse Requests in nav User testing highlighted that it was easy to mistake "View Requests" for a Facebook-style wall rather than the list of all requests. [1] [1] https://github.com/mysociety/alaveteli/issues/1505
---
 app/controllers/request_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 6281959fb..3fa0ef0ce 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -181,7 +181,7 @@ class RequestController < ApplicationController
 end
 @filters = params.merge(:latest_status => @view)
- @title = _("View and search requests")
+ @title = _('Browse and search requests')
 @title = @title + " (page " + @page.to_s + ")" if (@page > 1)
 @track_thing = TrackThing.create_track_for_search_query(InfoRequestEvent.make_query_from_params(@filters))
--
cgit v1.2.3