1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
|
# app/controllers/admin_request_controller.rb:
# Controller for viewing FOI requests from the admin interface.
#
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
# $Id: admin_request_controller.rb,v 1.42 2009-10-03 01:28:33 francis Exp $
require 'ostruct'
class AdminRequestController < AdminController
def index
list
render :action => 'list'
end
def list
@query = params[:query]
@info_requests = InfoRequest.paginate :order => "created_at desc",
:page => params[:page],
:per_page => 100,
:conditions => @query.nil? ? nil : ["lower(title) like lower('%'||?||'%')", @query]
end
def list_old_unclassified
@info_requests = WillPaginate::Collection.create((params[:page] or 1), 50) do |pager|
info_requests = InfoRequest.find_old_unclassified(:conditions => ["prominence = 'normal'"],
:limit => pager.per_page,
:offset => pager.offset)
# inject the result array into the paginated collection:
pager.replace(info_requests)
unless pager.total_entries
# the pager didn't manage to guess the total count, do it manually
pager.total_entries = InfoRequest.count_old_unclassified(:conditions => ["prominence = 'normal'"])
end
end
end
def show
@info_request = InfoRequest.find(params[:id])
# XXX is this *really* the only way to render a template to a
# variable, rather than to the response?
vars = OpenStruct.new(:name_to => @info_request.user_name,
:name_from => Configuration::contact_name,
:info_request => @info_request, :reason => params[:reason],
:info_request_url => 'http://' + Configuration::domain + request_url(@info_request),
:site_name => site_name)
template = File.read(File.join(File.dirname(__FILE__), "..", "views", "admin_request", "hidden_user_explanation.rhtml"))
@request_hidden_user_explanation = ERB.new(template).result(vars.instance_eval { binding })
end
def resend
@outgoing_message = OutgoingMessage.find(params[:outgoing_message_id])
@outgoing_message.resend_message
flash[:notice] = "Outgoing message resent"
redirect_to request_admin_url(@outgoing_message.info_request)
end
def edit
@info_request = InfoRequest.find(params[:id])
end
def update
@info_request = InfoRequest.find(params[:id])
old_title = @info_request.title
old_prominence = @info_request.prominence
old_described_state = @info_request.described_state
old_awaiting_description = @info_request.awaiting_description
old_allow_new_responses_from = @info_request.allow_new_responses_from
old_handle_rejected_responses = @info_request.handle_rejected_responses
old_tag_string = @info_request.tag_string
old_comments_allowed = @info_request.comments_allowed
@info_request.title = params[:info_request][:title]
@info_request.prominence = params[:info_request][:prominence]
if @info_request.described_state != params[:info_request][:described_state]
@info_request.set_described_state(params[:info_request][:described_state])
end
@info_request.awaiting_description = params[:info_request][:awaiting_description] == "true" ? true : false
@info_request.allow_new_responses_from = params[:info_request][:allow_new_responses_from]
@info_request.handle_rejected_responses = params[:info_request][:handle_rejected_responses]
@info_request.tag_string = params[:info_request][:tag_string]
@info_request.comments_allowed = params[:info_request][:comments_allowed] == "true" ? true : false
if @info_request.valid?
@info_request.save!
@info_request.log_event("edit",
{ :editor => admin_http_auth_user(),
:old_title => old_title, :title => @info_request.title,
:old_prominence => old_prominence, :prominence => @info_request.prominence,
:old_described_state => old_described_state, :described_state => @info_request.described_state,
:old_awaiting_description => old_awaiting_description, :awaiting_description => @info_request.awaiting_description,
:old_allow_new_responses_from => old_allow_new_responses_from, :allow_new_responses_from => @info_request.allow_new_responses_from,
:old_handle_rejected_responses => old_handle_rejected_responses, :handle_rejected_responses => @info_request.handle_rejected_responses,
:old_tag_string => old_tag_string, :tag_string => @info_request.tag_string,
:old_comments_allowed => old_comments_allowed, :tag_string => @info_request.comments_allowed
})
# expire cached files
expire_for_request(@info_request)
flash[:notice] = 'Request successfully updated.'
redirect_to request_admin_url(@info_request)
else
render :action => 'edit'
end
end
def fully_destroy
@info_request = InfoRequest.find(params[:id])
user = @info_request.user
url_title = @info_request.url_title
@info_request.fully_destroy
# expire cached files
expire_for_request(@info_request)
flash[:notice] = "Request #{url_title} has been completely destroyed. Email of user who made request: " + user.email
redirect_to admin_url('request/list')
end
def edit_outgoing
@outgoing_message = OutgoingMessage.find(params[:id])
end
def destroy_outgoing
@outgoing_message = OutgoingMessage.find(params[:outgoing_message_id])
@info_request = @outgoing_message.info_request
outgoing_message_id = @outgoing_message.id
@outgoing_message.fully_destroy
@outgoing_message.info_request.log_event("destroy_outgoing",
{ :editor => admin_http_auth_user(), :deleted_outgoing_message_id => outgoing_message_id })
flash[:notice] = 'Outgoing message successfully destroyed.'
redirect_to request_admin_url(@info_request)
end
def update_outgoing
@outgoing_message = OutgoingMessage.find(params[:id])
old_body = @outgoing_message.body
if @outgoing_message.update_attributes(params[:outgoing_message])
@outgoing_message.info_request.log_event("edit_outgoing",
{ :outgoing_message_id => @outgoing_message.id, :editor => admin_http_auth_user(),
:old_body => old_body, :body => @outgoing_message.body })
flash[:notice] = 'Outgoing message successfully updated.'
redirect_to request_admin_url(@outgoing_message.info_request)
else
render :action => 'edit_outgoing'
end
end
def edit_comment
@comment = Comment.find(params[:id])
end
def update_comment
@comment = Comment.find(params[:id])
old_body = @comment.body
old_visible = @comment.visible
@comment.visible = params[:comment][:visible] == "true" ? true : false
if @comment.update_attributes(params[:comment])
@comment.info_request.log_event("edit_comment",
{ :comment_id => @comment.id, :editor => admin_http_auth_user(),
:old_body => old_body, :body => @comment.body,
:old_visible => old_visible, :visible => @comment.visible,
})
flash[:notice] = 'Comment successfully updated.'
redirect_to request_admin_url(@comment.info_request)
else
render :action => 'edit_comment'
end
end
def destroy_incoming
@incoming_message = IncomingMessage.find(params[:incoming_message_id])
@info_request = @incoming_message.info_request
incoming_message_id = @incoming_message.id
@incoming_message.fully_destroy
@incoming_message.info_request.log_event("destroy_incoming",
{ :editor => admin_http_auth_user(), :deleted_incoming_message_id => incoming_message_id })
# expire cached files
expire_for_request(@info_request)
flash[:notice] = 'Incoming message successfully destroyed.'
redirect_to request_admin_url(@info_request)
end
def redeliver_incoming
incoming_message = IncomingMessage.find(params[:redeliver_incoming_message_id])
message_ids = params[:url_title].split(",").each {|x| x.strip}
previous_request = incoming_message.info_request
destination_request = nil
ActiveRecord::Base.transaction do
for m in message_ids
if m.match(/^[0-9]+$/)
destination_request = InfoRequest.find_by_id(m.to_i)
else
destination_request = InfoRequest.find_by_url_title!(m)
end
if destination_request.nil?
flash[:error] = "Failed to find destination request '" + m + "'"
return redirect_to request_admin_url(previous_request)
end
raw_email_data = incoming_message.raw_email.data
mail = TMail::Mail.parse(raw_email_data)
mail.base64_decode
destination_request.receive(mail, raw_email_data, true)
incoming_message_id = incoming_message.id
incoming_message.info_request.log_event("redeliver_incoming", {
:editor => admin_http_auth_user(),
:destination_request => destination_request.id,
:deleted_incoming_message_id => incoming_message_id
})
flash[:notice] = "Message has been moved to request(s). Showing the last one:"
end
# expire cached files
expire_for_request(previous_request)
incoming_message.fully_destroy
end
redirect_to request_admin_url(destination_request)
end
# change user or public body of a request magically
def move_request
info_request = InfoRequest.find(params[:info_request_id])
if params[:commit] == 'Move request to user' && !params[:user_url_name].blank?
old_user = info_request.user
destination_user = User.find_by_url_name(params[:user_url_name])
if destination_user.nil?
flash[:error] = "Couldn't find user '" + params[:user_url_name] + "'"
else
info_request.user = destination_user
info_request.save!
info_request.log_event("move_request", {
:editor => admin_http_auth_user(),
:old_user_url_name => old_user.url_name,
:user_url_name => destination_user.url_name
})
info_request.reindex_request_events
flash[:notice] = "Message has been moved to new user"
end
redirect_to request_admin_url(info_request)
elsif params[:commit] == 'Move request to authority' && !params[:public_body_url_name].blank?
old_public_body = info_request.public_body
destination_public_body = PublicBody.find_by_url_name(params[:public_body_url_name])
if destination_public_body.nil?
flash[:error] = "Couldn't find public body '" + params[:public_body_url_name] + "'"
else
info_request.public_body = destination_public_body
info_request.save!
info_request.log_event("move_request", {
:editor => admin_http_auth_user(),
:old_public_body_url_name => old_public_body.url_name,
:public_body_url_name => destination_public_body.url_name
})
info_request.reindex_request_events
flash[:notice] = "Request has been moved to new body"
end
redirect_to request_admin_url(info_request)
else
flash[:error] = "Please enter the user or authority to move the request to"
redirect_to request_admin_url(info_request)
end
end
def generate_upload_url
info_request = InfoRequest.find(params[:id])
if params[:incoming_message_id]
incoming_message = IncomingMessage.find(params[:incoming_message_id])
email = incoming_message.mail.from_addrs[0].address
name = incoming_message.safe_mail_from || info_request.public_body.name
else
email = info_request.public_body.request_email
name = info_request.public_body.name
end
user = User.find_user_by_email(email)
if not user
user = User.new(:name => name, :email => email, :password => PostRedirect.generate_random_token)
user.save!
end
if !info_request.public_body.is_foi_officer?(user)
flash[:notice] = user.email + " is not an email at the domain @" + info_request.public_body.foi_officer_domain_required + ", so won't be able to upload."
redirect_to request_admin_url(info_request)
return
end
# Bejeeps, look, sometimes a URL is something that belongs in a controller, jesus.
# XXX hammer this square peg into the round MVC hole - should be calling main_url(upload_response_url())
post_redirect = PostRedirect.new(
:uri => main_url(upload_response_url(:url_title => info_request.url_title, :only_path => true)),
:user_id => user.id)
post_redirect.save!
url = main_url(confirm_url(:email_token => post_redirect.email_token, :only_path => true))
flash[:notice] = 'Send "' + name + '" <<a href="mailto:' + email + '">' + email + '</a>> this URL: <a href="' + url + '">' + url + "</a> - it will log them in and let them upload a response to this request."
redirect_to request_admin_url(info_request)
end
def show_raw_email
@raw_email = RawEmail.find(params[:id])
# For the holding pen, try to guess where it should be ...
@holding_pen = false
if (@raw_email.incoming_message.info_request == InfoRequest.holding_pen_request && !@raw_email.incoming_message.mail.from_addrs.nil? && @raw_email.incoming_message.mail.from_addrs.size > 0)
@holding_pen = true
# 1. Use domain of email to try and guess which public body it
# is associated with, so we can display that.
email = @raw_email.incoming_message.mail.from_addrs[0].spec
domain = PublicBody.extract_domain_from_email(email)
if domain.nil?
@public_bodies = []
else
@public_bodies = PublicBody.find(:all, :order => "name",
:conditions => [ "lower(request_email) like lower('%'||?||'%')", domain ])
end
# 2. Match the email address in the message without matching the hash
@info_requests = InfoRequest.guess_by_incoming_email(@raw_email.incoming_message)
# 3. Give a reason why it's in the holding pen
last_event = InfoRequestEvent.find_by_incoming_message_id(@raw_email.incoming_message.id)
@rejected_reason = last_event.params[:rejected_reason] || "unknown reason"
end
end
def download_raw_email
@raw_email = RawEmail.find(params[:id])
response.content_type = 'message/rfc822'
render :text => @raw_email.data
end
# used so due dates get fixed
def mark_event_as_clarification
info_request_event = InfoRequestEvent.find(params[:info_request_event_id])
if info_request_event.event_type != 'response'
raise Exception("can only mark responses as requires clarification")
end
info_request_event.described_state = 'waiting_clarification'
info_request_event.calculated_state = 'waiting_clarification'
# XXX deliberately don't update described_at so doesn't reenter search?
info_request_event.save!
flash[:notice] = "Old response marked as having been a clarification"
redirect_to request_admin_url(info_request_event.info_request)
end
def hide_request
ActiveRecord::Base.transaction do
subject = params[:subject]
explanation = params[:explanation]
info_request = InfoRequest.find(params[:id])
info_request.prominence = "requester_only"
info_request.log_event("hide", {
:editor => admin_http_auth_user(),
:reason => params[:reason],
:subject => subject,
:explanation => explanation
})
info_request.set_described_state(params[:reason])
info_request.save!
if ! info_request.is_external?
ContactMailer.deliver_from_admin_message(
info_request.user,
subject,
params[:explanation]
)
flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name))
else
flash[:notice] = _("This external request has been hidden")
end
# expire cached files
expire_for_request(info_request)
redirect_to request_admin_url(info_request)
end
end
private
end
|
