| author | Matthew Somerville <matthew-github@dracos.co.uk> | 2016-09-06 16:07:30 +0100 | 
|---|---|---|
| committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2016-09-09 15:51:33 +0100 | 
| commit | 2835ee9d82d508e32720138702ca3879a41c19db (patch) | |
| tree | ed7de10c4898a0e897ff58074b3b822d8ab87e2d /perllib/FixMyStreet/App/Controller/Report.pm | |
| parent | 2acf9eb59867c299da568bf77c9019fe6c3eb9ff (diff) | |
Add manage screen for editing priority/category.
This is a cut-down version of the full inspect screen.
We truncate the co-ordinates just in case (they should be anyway but
e.g. the test report isn't).
Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Report.pm')
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Report.pm | 58 | 
1 files changed, 35 insertions, 23 deletions
|
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm
index 6a7a14b5c..582de092c 100644
--- a/perllib/FixMyStreet/App/Controller/Report.pm
+++ b/perllib/FixMyStreet/App/Controller/Report.pm
@@ -3,6 +3,7 @@ package FixMyStreet::App::Controller::Report;
 use Moose;
 use namespace::autoclean;
 use JSON::MaybeXS;
+use List::MoreUtils qw(any);
 BEGIN { extends 'Catalyst::Controller'; }
@@ -299,7 +300,8 @@ sub inspect : Private {
     $c->forward('/auth/get_csrf_token');
     $c->forward( 'load_problem_or_display_error', [ $id ] );
-    $c->forward( 'check_has_permission_to', [ 'report_inspect' ] );
+    my $permissions = $c->forward( 'check_has_permission_to',
+        [ qw/report_inspect report_edit_category report_edit_priority/ ] );
     $c->forward( 'load_updates' );
     $c->forward( 'format_problem_for_display' );
@@ -310,28 +312,32 @@ sub inspect : Private {
     if ( $c->get_param('save') || $c->get_param('save_inspected') ) {
         $c->forward('/auth/check_csrf_token');
-        foreach (qw/detailed_location detailed_information traffic_information/) {
-            $problem->set_extra_metadata( $_ => $c->get_param($_) );
-        }
+        if ($permissions->{report_inspect}) {
+            foreach (qw/detailed_location detailed_information traffic_information/) {
+                $problem->set_extra_metadata( $_ => $c->get_param($_) );
+            }
-        if ( $c->get_param('save_inspected') ) {
-            $problem->set_extra_metadata( inspected => 1 );
-        }
+            if ( $c->get_param('save_inspected') ) {
+                $problem->set_extra_metadata( inspected => 1 );
+            }
-        # Handle the state changing
-        my $old_state = $problem->state;
-        $problem->state($c->get_param('state'));
-        if ( $problem->is_visible() and $old_state eq 'unconfirmed' ) {
-            $problem->confirmed( \'current_timestamp' );
-        }
-        if ( $problem->state eq 'hidden' ) {
-            $problem->get_photoset->delete_cached;
-        }
-        if ( $problem->state ne $old_state ) {
-            $c->forward( '/admin/log_edit', [ $id, 'problem', 'state_change' ] );
+            # Handle the state changing
+            my $old_state = $problem->state;
+            $problem->state($c->get_param('state'));
+            if ( $problem->is_visible() and $old_state eq 'unconfirmed' ) {
+                $problem->confirmed( \'current_timestamp' );
+            }
+            if ( $problem->state eq 'hidden' ) {
+                $problem->get_photoset->delete_cached;
+            }
+            if ( $problem->state ne $old_state ) {
+                $c->forward( '/admin/log_edit', [ $id, 'problem', 'state_change' ] );
+            }
         }
-        $problem->response_priority( $problem->response_priorities->find({ id => $c->get_param('priority') }) );
+        if ($c->get_param('priority') && ($permissions->{report_inspect} || $permissions->{report_edit_priority})) {
+            $problem->response_priority( $problem->response_priorities->find({ id => $c->get_param('priority') }) );
+        }
         my $valid = 1;
         if ( !$c->forward( '/admin/report_edit_location', [ $problem ] ) ) {
@@ -340,7 +346,9 @@ sub inspect : Private {
             $c->stash->{errors} = [ _('Invalid location. New location must be covered by the same council.') ];
         }
-        $c->forward( '/admin/report_edit_category', [ $problem ] );
+        if ($permissions->{report_inspect} || $permissions->{report_edit_category}) {
+            $c->forward( '/admin/report_edit_category', [ $problem ] );
+        }
         if ($valid) {
             $problem->update;
@@ -362,18 +370,22 @@ sub map : Private {
 =head2 check_has_permission_to
-Ensure the currently logged-in user has a particular permission that applies
+Ensure the currently logged-in user has any of the provided permissions applied
 to the current Problem in $c->stash->{problem}. Shows the 403 page if not.
 =cut
 sub check_has_permission_to : Private {
-    my ( $self, $c, $permission ) = @_;
+    my ( $self, $c, @permissions ) = @_;
     my $bodies = $c->stash->{problem}->bodies_str;
+    my %permissions = map { $_ => $c->user->has_permission_to($_, $bodies) } @permissions
+        if $c->user_exists;
     $c->detach('/page_error_403_access_denied', [ _("Sorry, you don't have permission to do that.") ] )
-        unless $c->user_exists && $c->user->has_permission_to($permission, $bodies);
+        unless $c->user_exists && any { $_ } values %permissions;
+
+    return \%permissions;
 };
 __PACKAGE__->meta->make_immutable;
|
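Review bot: The call to `/admin/report_edit_location` at the end of the `@@ -310,28` hunk still runs for every caller, so a user who holds only `report_edit_category` or `report_edit_priority` reaches it now that the permission gate accepts any of the three. That helper's body is not part of this diff, but if it applies request-supplied coordinates, as the "New location must be covered by the same council" error suggests, it should sit behind the inspector check, e.g. `if ( $permissions->{report_inspect} && !$c->forward( '/admin/report_edit_location', [ $problem ] ) ) {`. Separately, the new `$c->get_param('priority') &&` guard means an empty priority no longer reaches `response_priority(...)`, so an inspector may have lost the ability to clear a priority; a comment stating whether that is intended would help. The body of `inspect` starts and ends outside these hunks.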
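Review bot: In `check_has_permission_to` (the `@@ -362,18` hunk), `has_permission_to` is called in list context inside the `map`, so if it ever returns an empty list for a denied permission (a bare `return;` does), the key/value pairs shift and a permission name becomes the value of the preceding key, which is a true value that satisfies `any { $_ }` and the later `$permissions->{...}` checks. Its body is not shown here, so this is an assumption to confirm, but forcing scalar context removes the dependency: `$_ => scalar $c->user->has_permission_to($_, $bodies)`. The declaration also has the form `my %permissions = ... if $c->user_exists;`, and perlsyn documents `my` with a statement modifier as undefined behaviour, so in a persistent worker the hash may keep a previous request's contents. Declaring first with `my %permissions;` and assigning conditionally, or detaching early when there is no user, avoids relying on that in an authorization helper.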
