From f062193076b5caaceebd9f1dae62c01234c3f3b1 Mon Sep 17 00:00:00 2001
From: Matthew Somerville
Date: Tue, 7 Oct 2014 17:01:28 +0100
Subject: Validate category name/email/note in admin.
This prevents the creation of a category with a blank name. Fixes #556.
---
 perllib/FixMyStreet/App/Controller/Admin.pm | 11 +++++-
 t/app/controller/admin.t | 1 +
 templates/web/base/admin/body.html | 61 ++++++++++++++++++-----------
 templates/web/base/admin/body_edit.html | 2 +-
 4 files changed, 51 insertions(+), 24 deletions(-)
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index cfe165f43..c1df8622f 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -343,8 +343,13 @@ sub update_contacts : Private {
 if ( $posted eq 'new' ) {
 $c->forward('check_token');
+ my %errors;
+ my $category = $self->trim( $c->req->param( 'category' ) );
+ $errors{category} = _("Please choose a category") unless $category;
 my $email = $self->trim( $c->req->param( 'email' ) );
+ $errors{email} = _('Please enter a valid email') unless is_valid_email($email);
+ $errors{note} = _('Please enter a message') unless $c->req->param('note');
 $category = 'Empty property' if $c->cobrand->moniker eq 'emptyhomes';
@@ -367,7 +372,11 @@ sub update_contacts : Private {
 $contact->api_key( $c->req->param('api_key') );
 $contact->send_method( $c->req->param('send_method') );
- if ( $contact->in_storage ) {
+ if ( %errors ) {
+ $c->stash->{updated} = _('Please correct the errors below');
+ $c->stash->{contact} = $contact;
+ $c->stash->{errors} = \%errors;
+ } elsif ( $contact->in_storage ) {
 $c->stash->{updated} = _('Values updated');
 # NB: History is automatically stored by a trigger in the database
diff --git a/t/app/controller/admin.t b/t/app/controller/admin.t
index bf7a9ed70..2cc88ccc3 100644
--- a/t/app/controller/admin.t
+++ b/t/app/controller/admin.t
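Review bot: The blank-category check on the `$errors{category}` line runs before the `emptyhomes` override two lines below it, so under that cobrand an empty posted category is reported as an error even though `$category` is then forced to 'Empty property' anyway; moving the `unless $category` line after the override keeps that cobrand's submissions working. The note check is also the only one of the three that does not trim its input, so a whitespace-only note passes while a whitespace-only category or email is rejected; `$errors{note} = _('Please enter a message') unless $self->trim( $c->req->param('note') );` would make the three checks consistent. A category literally named `0` is rejected by the truthiness test as well, which `unless length $category` avoids. The body of update_contacts continues outside the hunk.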
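Review bot: The `if ( %errors )` branch stashes the error state but does not leave the action, so whatever follows the if/elsif chain in update_contacts (outside the hunk) still runs for a rejected submission; it is worth confirming that nothing there persists `$contact` or redirects away from the page that is meant to re-render the form. The stashed `$contact` already carries the rejected values set on the preceding `api_key`/`send_method` lines, which is what the re-display needs, but it is an unsaved object where the rest of the page presumably sees stored rows. A comment on the `$c->stash->{contact}` line such as `# Unsaved contact, re-stashed so the form can be re-shown with the submitted values` would make that explicit for the next reader.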
@@ -219,6 +219,7 @@ subtest 'check contact editing' => sub { $mech->content_contains( 'test2 note' ); $mech->content_contains( 'Public' ); + $mech->get_ok('/admin/body_edit/2650/test%20category'); $mech->submit_form_ok( { with_fields => { email => 'test2@example.com', note => 'test2 note', diff --git a/templates/web/base/admin/body.html b/templates/web/base/admin/body.html index b207d18ca..bc815ae62 100644 --- a/templates/web/base/admin/body.html +++ b/templates/web/base/admin/body.html @@ -6,6 +6,8 @@
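Review bot: The test change only re-fetches `/admin/body_edit/2650/test%20category` before the existing edit submission; nothing in the subtest exercises the validation the commit adds, so dropping the blank-category check later would not fail any test. A submission of the new-category form with `category => ''` followed by `$mech->content_contains( 'Please choose a category' );`, and likewise an invalid email and an empty note against the other two messages, would pin the new behaviour. The subtest continues outside the hunk.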

[% END %] +[% IF NOT errors %] +

[% IF example_pc %] [% tprintf( loc('Example postcode %s'), example_pc ) | html %] | @@ -61,18 +63,18 @@ [% loc('When edited') %] [% loc('Confirm') %] - [% WHILE ( contact = contacts.next ) %] - - [% contact.category %] - [% contact.email | html %] - [% IF contact.confirmed %][% loc('Yes') %][% ELSE %][% loc('No') %][% END %] - [% IF contact.deleted %][% loc('Yes') %][% ELSE %][% loc('No') %][% END %] - [% IF body.can_be_devolved && contact.send_method %][% loc('Yes') %][% ELSE %][% loc('No') %][% END %] - [% contact.editor %] - [% contact.note | html %] - [% contact.non_public ? loc('Non Public') : loc('Public') %] - [% contact.whenedited.ymd _ ' ' _ contact.whenedited.hms %] - + [% WHILE ( cat = contacts.next ) %] + + [% cat.category %] + [% cat.email | html %] + [% IF cat.confirmed %][% loc('Yes') %][% ELSE %][% loc('No') %][% END %] + [% IF cat.deleted %][% loc('Yes') %][% ELSE %][% loc('No') %][% END %] + [% IF body.can_be_devolved && cat.send_method %][% loc('Yes') %][% ELSE %][% loc('No') %][% END %] + [% cat.editor %] + [% cat.note | html %] + [% cat.non_public ? loc('Non Public') : loc('Public') %] + [% cat.whenedited.ymd _ ' ' _ cat.whenedited.hms %] + [% END %] @@ -84,14 +86,25 @@
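Review bot: `[% cat.category %]` is still emitted without the `| html` filter that `cat.email` and `cat.note` on the neighbouring lines get, so a category name containing markup is rendered raw in the admin listing; the rename was the moment to make it `[% cat.category | html %]`. The loop variable is renamed to `cat` because the action now stashes `contact` for a rejected new-category form, which is not obvious from the template alone; a one-line note at the loop, e.g. `[%# 'contact' is reserved for a rejected new-category submission %]`, would record why.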

-
-

[% loc('Add new category') %]

-

+

[% loc("Each contact for the body has a category, which is displayed to the public. Different categories can have the same contact (email address). This means you can add many categories even if you only have one contact for the body. ") %] -

+

+ +[% END %][%# Only show all the above if no errors with below form %] + +
+ [% IF NOT contact %] +

[% loc('Add new category') %]

+ [% END %] + +[% IF errors %] +
+ [% errors.values.join('
') %] +
+[% END %]
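Review bot: `[% errors.values.join(...) %]` emits the messages in Perl hash order, so the list can reorder between requests, and it is the only output in this block without an escaping filter; iterating a fixed key list, e.g. `[% FOREACH f IN ['category', 'email', 'note'] %][% errors.$f | html %][% END %]`, gives a stable order and keeps the file's escaping convention even though the messages are currently fixed translated strings. The `[% IF NOT errors %]` that hides the category table opens a long stretch of this file; its closing `[% END %]` carries a comment and the opening one would benefit from the same, e.g. `[%# Hide the category listing while a rejected new-category form is re-shown %]`.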
@@ -106,7 +119,7 @@

- [% loc('Category:') %] + [% loc('Category:') %]

[% END %] @@ -123,7 +136,7 @@

- [% loc('Email address:') %] + [% loc('Email address:') %]

@@ -133,7 +146,7 @@

- +

@@ -144,7 +157,7 @@

- +

@@ -169,14 +182,14 @@

- +

- +

@@ -185,8 +198,12 @@
+ +[% IF NOT errors %]

[% loc('Edit body details') %]

[% INCLUDE 'admin/body-form.html' %]
+[% END %][%# Only show all the above if no errors with category form %] + [% INCLUDE 'admin/footer.html' %] diff --git a/templates/web/base/admin/body_edit.html b/templates/web/base/admin/body_edit.html index f2bae0c0b..ef7a0a11c 100644 --- a/templates/web/base/admin/body_edit.html +++ b/templates/web/base/admin/body_edit.html @@ -41,7 +41,7 @@ [% END %]

-

[% loc('Note:') %] +

[% loc('Note:') %] [% IF body.can_be_devolved %]

[% loc('Configure Endpoint') %]
