1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
|
# app/controllers/admin_request_controller.rb:
# Controller for viewing FOI requests from the admin interface.
#
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: hello@mysociety.org; WWW: http://www.mysociety.org/
require 'ostruct'
class AdminRequestController < AdminController
def index
list
render :action => 'list'
end
def list
@query = params[:query]
if @query
info_requests = InfoRequest.where(["lower(title) like lower('%'||?||'%')", @query])
else
info_requests = InfoRequest
end
@info_requests = info_requests.paginate :order => "created_at desc",
:page => params[:page],
:per_page => 100
end
def show
@info_request = InfoRequest.find(params[:id])
vars_for_explanation = {:reason => params[:reason],
:info_request => @info_request,
:name_to => @info_request.user_name,
:name_from => AlaveteliConfiguration::contact_name,
:info_request_url => request_url(@info_request, :only_path => false)}
@request_hidden_user_explanation = render_to_string(:template => "admin_request/hidden_user_explanation",
:locals => vars_for_explanation)
end
def resend
@outgoing_message = OutgoingMessage.find(params[:outgoing_message_id])
@outgoing_message.prepare_message_for_resend
mail_message = case @outgoing_message.message_type
when 'initial_request'
OutgoingMailer.initial_request(
@outgoing_message.info_request,
@outgoing_message
).deliver
when 'followup'
OutgoingMailer.followup(
@outgoing_message.info_request,
@outgoing_message,
@outgoing_message.incoming_message_followup
).deliver
else
raise "Message id #{id} has type '#{message_type}' which cannot be resent"
end
@outgoing_message.record_email_delivery(
mail_message.to_addrs.join(', '),
mail_message.message_id,
'resent'
)
flash[:notice] = "Outgoing message resent"
redirect_to admin_request_show_url(@outgoing_message.info_request)
end
def edit
@info_request = InfoRequest.find(params[:id])
end
def update
@info_request = InfoRequest.find(params[:id])
old_title = @info_request.title
old_prominence = @info_request.prominence
old_described_state = @info_request.described_state
old_awaiting_description = @info_request.awaiting_description
old_allow_new_responses_from = @info_request.allow_new_responses_from
old_handle_rejected_responses = @info_request.handle_rejected_responses
old_tag_string = @info_request.tag_string
old_comments_allowed = @info_request.comments_allowed
@info_request.title = params[:info_request][:title]
@info_request.prominence = params[:info_request][:prominence]
@info_request.awaiting_description = params[:info_request][:awaiting_description] == "true" ? true : false
@info_request.allow_new_responses_from = params[:info_request][:allow_new_responses_from]
@info_request.handle_rejected_responses = params[:info_request][:handle_rejected_responses]
@info_request.tag_string = params[:info_request][:tag_string]
@info_request.comments_allowed = params[:info_request][:comments_allowed] == "true" ? true : false
if @info_request.valid?
@info_request.save!
@info_request.log_event("edit",
{ :editor => admin_current_user(),
:old_title => old_title, :title => @info_request.title,
:old_prominence => old_prominence, :prominence => @info_request.prominence,
:old_described_state => old_described_state, :described_state => params[:info_request][:described_state],
:old_awaiting_description => old_awaiting_description, :awaiting_description => @info_request.awaiting_description,
:old_allow_new_responses_from => old_allow_new_responses_from, :allow_new_responses_from => @info_request.allow_new_responses_from,
:old_handle_rejected_responses => old_handle_rejected_responses, :handle_rejected_responses => @info_request.handle_rejected_responses,
:old_tag_string => old_tag_string, :tag_string => @info_request.tag_string,
:old_comments_allowed => old_comments_allowed, :comments_allowed => @info_request.comments_allowed
})
if @info_request.described_state != params[:info_request][:described_state]
@info_request.set_described_state(params[:info_request][:described_state])
end
# expire cached files
expire_for_request(@info_request)
flash[:notice] = 'Request successfully updated.'
redirect_to admin_request_show_url(@info_request)
else
render :action => 'edit'
end
end
def fully_destroy
@info_request = InfoRequest.find(params[:id])
user = @info_request.user
url_title = @info_request.url_title
@info_request.fully_destroy
# expire cached files
expire_for_request(@info_request)
email = user.try(:email) ? user.email : 'This request is external so has no associated user'
flash[:notice] = "Request #{ url_title } has been completely destroyed. Email of user who made request: #{ email }"
redirect_to admin_request_list_url
end
def edit_comment
@comment = Comment.find(params[:id])
end
def update_comment
@comment = Comment.find(params[:id])
old_body = @comment.body
old_visible = @comment.visible
@comment.visible = params[:comment][:visible] == "true" ? true : false
if @comment.update_attributes(params[:comment])
@comment.info_request.log_event("edit_comment",
{ :comment_id => @comment.id, :editor => admin_current_user(),
:old_body => old_body, :body => @comment.body,
:old_visible => old_visible, :visible => @comment.visible,
})
flash[:notice] = 'Comment successfully updated.'
redirect_to admin_request_show_url(@comment.info_request)
else
render :action => 'edit_comment'
end
end
# change user or public body of a request magically
def move_request
info_request = InfoRequest.find(params[:info_request_id])
if params[:commit] == 'Move request to user' && !params[:user_url_name].blank?
old_user = info_request.user
destination_user = User.find_by_url_name(params[:user_url_name])
if destination_user.nil?
flash[:error] = "Couldn't find user '" + params[:user_url_name] + "'"
else
info_request.user = destination_user
info_request.save!
info_request.log_event("move_request", {
:editor => admin_current_user(),
:old_user_url_name => old_user.url_name,
:user_url_name => destination_user.url_name
})
info_request.reindex_request_events
flash[:notice] = "Message has been moved to new user"
end
redirect_to admin_request_show_url(info_request)
elsif params[:commit] == 'Move request to authority' && !params[:public_body_url_name].blank?
old_public_body = info_request.public_body
destination_public_body = PublicBody.find_by_url_name(params[:public_body_url_name])
if destination_public_body.nil?
flash[:error] = "Couldn't find public body '" + params[:public_body_url_name] + "'"
else
info_request.public_body = destination_public_body
info_request.save!
info_request.log_event("move_request", {
:editor => admin_current_user(),
:old_public_body_url_name => old_public_body.url_name,
:public_body_url_name => destination_public_body.url_name
})
info_request.reindex_request_events
flash[:notice] = "Request has been moved to new body"
end
redirect_to admin_request_show_url(info_request)
else
flash[:error] = "Please enter the user or authority to move the request to"
redirect_to admin_request_show_url(info_request)
end
end
def generate_upload_url
info_request = InfoRequest.find(params[:id])
if params[:incoming_message_id]
incoming_message = IncomingMessage.find(params[:incoming_message_id])
email = incoming_message.from_email
name = incoming_message.safe_mail_from || info_request.public_body.name
else
email = info_request.public_body.request_email
name = info_request.public_body.name
end
user = User.find_user_by_email(email)
if not user
user = User.new(:name => name, :email => email, :password => PostRedirect.generate_random_token)
user.save!
end
if !info_request.public_body.is_foi_officer?(user)
flash[:notice] = user.email + " is not an email at the domain @" + info_request.public_body.foi_officer_domain_required + ", so won't be able to upload."
redirect_to admin_request_show_url(info_request)
return
end
# Bejeeps, look, sometimes a URL is something that belongs in a controller, jesus.
# TODO: hammer this square peg into the round MVC hole
post_redirect = PostRedirect.new(
:uri => upload_response_url(:url_title => info_request.url_title),
:user_id => user.id)
post_redirect.save!
url = confirm_url(:email_token => post_redirect.email_token)
flash[:notice] = ("Send \"#{name}\" <<a href=\"mailto:#{email}\">#{email}</a>> this URL: <a href=\"#{url}\">#{url}</a> - it will log them in and let them upload a response to this request.").html_safe
redirect_to admin_request_show_url(info_request)
end
def show_raw_email
@raw_email = RawEmail.find(params[:id])
# For the holding pen, try to guess where it should be ...
@holding_pen = false
if (@raw_email.incoming_message.info_request == InfoRequest.holding_pen_request && !@raw_email.incoming_message.empty_from_field?)
@holding_pen = true
# 1. Use domain of email to try and guess which public body it
# is associated with, so we can display that.
email = @raw_email.incoming_message.from_email
domain = PublicBody.extract_domain_from_email(email)
if domain.nil?
@public_bodies = []
else
@public_bodies = PublicBody.find(:all, :order => "name",
:conditions => [ "lower(request_email) like lower('%'||?||'%')", domain ])
end
# 2. Match the email address in the message without matching the hash
@info_requests = InfoRequest.guess_by_incoming_email(@raw_email.incoming_message)
# 3. Give a reason why it's in the holding pen
last_event = InfoRequestEvent.find_by_incoming_message_id(@raw_email.incoming_message.id)
@rejected_reason = last_event.params[:rejected_reason] || "unknown reason"
end
end
def download_raw_email
@raw_email = RawEmail.find(params[:id])
response.content_type = 'message/rfc822'
render :text => @raw_email.data
end
# used so due dates get fixed
def mark_event_as_clarification
info_request_event = InfoRequestEvent.find(params[:info_request_event_id])
if info_request_event.event_type != 'response'
raise Exception("can only mark responses as requires clarification")
end
info_request_event.described_state = 'waiting_clarification'
info_request_event.calculated_state = 'waiting_clarification'
# TODO: deliberately don't update described_at so doesn't reenter search?
info_request_event.save!
flash[:notice] = "Old response marked as having been a clarification"
redirect_to admin_request_show_url(info_request_event.info_request)
end
def hide_request
ActiveRecord::Base.transaction do
subject = params[:subject]
explanation = params[:explanation]
info_request = InfoRequest.find(params[:id])
info_request.prominence = "requester_only"
info_request.log_event("hide", {
:editor => admin_current_user(),
:reason => params[:reason],
:subject => subject,
:explanation => explanation
})
info_request.set_described_state(params[:reason])
info_request.save!
if ! info_request.is_external?
ContactMailer.from_admin_message(
info_request.user.name,
info_request.user.email,
subject,
params[:explanation].strip.html_safe
).deliver
flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name))
else
flash[:notice] = _("This external request has been hidden")
end
# expire cached files
expire_for_request(info_request)
redirect_to admin_request_show_url(info_request)
end
end
private
end
|
