rapidftr#622: rikesh - merge with master

Gemfile

@@ -25,8 +25,8 @@ group :cucumber do
 end
 
 group :test do
-  gem 'rspec',            '1.3.0'
-  gem 'rspec-rails',      '1.3.2'
+  gem 'rspec',            '1.3.2'
+  gem 'rspec-rails',      '1.3.4'
   gem 'webrat',           '0.7.1'
 end
 

Gemfile.lock

@@ -1,7 +1,7 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    Ascii85 (1.0.0)
+    Ascii85 (1.0.1)
     actionmailer (2.3.11)
       actionpack (= 2.3.11)
     actionpack (2.3.11)
@@ -55,7 +55,7 @@ GEM
     prawn-layout (0.8.4)
     prawn-security (0.8.4)
     rack (1.1.2)
-    rack-test (0.5.7)
+    rack-test (0.6.0)
       rack (>= 1.0)
     rails (2.3.11)
       actionmailer (= 2.3.11)
@@ -69,10 +69,10 @@ GEM
       mime-types (>= 1.16)
     rsolr (0.12.1)
       builder (>= 2.1.2)
-    rspec (1.3.0)
-    rspec-rails (1.3.2)
+    rspec (1.3.2)
+    rspec-rails (1.3.4)
       rack (>= 1.0.0)
-      rspec (>= 1.3.0)
+      rspec (~> 1.3.1)
     subexec (0.0.4)
     sunspot (1.1.0)
       escape (= 0.0.4)
@@ -105,8 +105,8 @@ DEPENDENCIES
   prawn (= 0.8.4)
   rails (= 2.3.11)
   rest-client (= 1.3.0)
-  rspec (= 1.3.0)
-  rspec-rails (= 1.3.2)
+  rspec (= 1.3.2)
+  rspec-rails (= 1.3.4)
   subexec (= 0.0.4)
   sunspot (= 1.1.0)
   uuidtools (= 2.1.1)

app/controllers/advanced_search_controller.rb

@@ -1,8 +1,7 @@
 class AdvancedSearchController < ApplicationController
 
   def index
-    puts params[:criteria_list]
-    @forms = FormSection.all
+    @forms = FormSection.by_order
     @aside = 'shared/sidebar_links'
     new_search = !params[:criteria_list]
     if new_search

app/controllers/application_controller.rb

@@ -44,7 +44,7 @@ def render_error_response(ex)
 
   # TODO Remove duplication in ApplicationHelper
   def current_user_name
-    session = get_session
+    session = app_session
     return session.user_name unless session.nil?
   end
 

app/controllers/checks_authentication.rb

@@ -13,6 +13,7 @@ def app_session
   # a before filter requiring user to be logged in
   def check_authentication
     session = app_session
+    handle_device_blacklisted(session) if session && session.device_blacklisted?
     raise AuthenticationFailure.bad_token('invalid session token') if session.nil?
   end
 
@@ -39,4 +40,8 @@ def handle_authorization_failure(authorization_failure)
       format.any { render_error_response ErrorResponse.new(403, authorization_failure.message) }
     end
   end
+
+  def handle_device_blacklisted(session)
+    render(:status => 403, :json => session.imei)
+  end
 end

app/controllers/children_controller.rb

@@ -111,12 +111,12 @@ def new_search
   # PUT /children/1
   # PUT /children/1.xml
   def update
-    @child = Child.get(params[:id])
+    @child = Child.get(params[:id]) || Child.new_with_user_name(current_user_name, params[:child])
+
     new_photo = params[:child].delete(:photo)
     new_audio = params[:child].delete(:audio)
     @child.update_properties_with_user_name(current_user_name, new_photo, new_audio, params[:child])
 
-
     respond_to do |format|
       if @child.save
         flash[:notice] = 'Child was successfully updated.'

app/controllers/contact_information_controller.rb

@@ -1,27 +1,28 @@
 class ContactInformationController < ApplicationController
+  skip_before_filter :check_authentication, :only => %w{show}
+
+  before_filter :administrators_only, :except => %w{show}
+
+  # GET /contact_information/Administrator  
   def show
     @contact_information = ContactInformation.get_by_id(params[:id]) 
     respond_to do |format|
       format.html # index.html.erb
       format.json { render :json => @contact_information }
     end
   end
-  # GET /contact_information/Admininstrator/edit
+
   # GET /contact_information/Administrator/edit
   def edit
-    administrators_only
     @contact_information = ContactInformation.get_or_create(params[:id])
   end
 
-  # POST /contact_information/Administrator
-
+  # PUT /contact_information/Administrator
   def update
-    administrators_only
     @contact_information = ContactInformation.get_by_id(params[:id])
     @contact_information.update_attributes(params[:contact_information])  
     @contact_information.save!
     flash[:notice] = 'Contact information was successfully updated.'
     redirect_to edit_contact_information_path(params[:id]) 
   end
-
-end
+end

app/controllers/sessions_controller.rb

@@ -45,19 +45,19 @@ def create
     @login = Login.new(params)
     @session = @login.authenticate_user
 
-    if @login.device_blacklisted?
-      render (:status => :unauthorized, :json => params[:imei]) 
-      return 
-    end
-
     if not @session
       respond_to do |format|
         handle_login_error("Invalid credentials. Please try again!", format)
       end
 
       return
     end
-
+
+    if @session.device_blacklisted?
+      handle_device_blacklisted(@session) 
+      return
+    end
+
     respond_to do |format|
       if @session.save
         @session.put_in_cookie(cookies)

app/controllers/users_controller.rb

@@ -1,21 +1,34 @@
 class UsersController < ApplicationController
 
-  before_filter :administrators_only
+  before_filter :administrators_only, :except =>[:show, :edit, :update]
 
   def index
     @users = User.view("by_full_name")
   end
 
   def show
+    :check_authentication
+
+    session = app_session
     @user = User.get(params[:id])
+    unless session.admin? or @user.user_name == current_user_name   
+      raise AuthorizationFailure.new('Not permitted to view page')      
+    end
   end
 
   def new
     @user = User.new
   end
 
   def edit
+    :check_authentication
+
+    session = app_session
+
     @user = User.get(params[:id])
+    unless session.admin? or @user.user_name == current_user_name   
+      raise AuthorizationFailure.new('Not permitted to view page')
+    end
   end
 
   def create
@@ -29,19 +42,27 @@ def create
   end
 
   def update
+    :check_authentication
+
+    session = app_session
+
     @user = User.get(params[:id])
+    unless session.admin? or @user.user_name == current_user_name
+      raise AuthorizationFailure.new('Not permitted to view page') unless session.admin?
+    end
+
     if @user.update_attributes(params[:user])
       flash[:notice] = 'User was successfully updated.'
-      redirect_to(@user) 
+      redirect_to(@user)
     else
-      render :action => "edit" 
+      render :action => "edit"
     end
   end
-
+  
   def destroy
     @user = User.get(params[:id])
     @user.destroy
     redirect_to(users_url) 
   end
-
+  
 end

app/helpers/children_helper.rb

@@ -21,5 +21,10 @@ def is_playable_in_browser audio
   def link_to_update_info(child)
     link_to('and others', child_history_path(child)) unless child.has_one_interviewer?
   end
-
+
+  def flag_message
+    user = @child.histories.select{|h| h["changes"]["flag"]}.first["user_name"]
+    message = (@child.flag_message.blank? && "") || ": \"#{@child.flag_message}\""
+    "Flagged as suspect record by #{user}#{message}"
+  end
 end

app/models/child.rb

@@ -12,6 +12,7 @@ class Child < CouchRestRails::Document
   property :name
   property :nickname
   property :unique_identifier
+  property :flag, :cast_as => :boolean
 
   view_by :name,
           :map => "function(doc) {
@@ -27,8 +28,8 @@ class Child < CouchRestRails::Document
   validates_fields_of_type Field::TEXT_FIELD
   validates_fields_of_type Field::TEXT_AREA
   validates_fields_of_type Field::DATE_FIELD
-  validates_with_method :age, :method => :validate_age
   validates_with_method :validate_has_at_least_one_field_value
+	validates_with_method :created_at, :method => :validate_created_at
 
   def self.build_solar_schema
     fields = build_fields_for_solar
@@ -48,11 +49,6 @@ def validate_has_at_least_one_field_value
     [false, "Please fill in at least one field or upload a file"]
   end
 
-  def validate_age
-    return true if age.nil? || age.blank? || !age.is_number? || (age =~ /^\d{1,2}(\.\d)?$/ && age.to_f > 0 && age.to_f < 100)
-    [false, "Age must be between 1 and 99"]
-  end
-
   def validate_file_name
     return true if @file_name == nil || /([^\s]+(\.(?i)(jpg|jpeg|png))$)/ =~ @file_name
     [false, "Please upload a valid photo file (jpg or png) for this child record"]
@@ -62,6 +58,17 @@ def validate_audio_file_name
     return true if @audio_file_name == nil || /([^\s]+(\.(?i)(amr|mp3))$)/ =~ @audio_file_name
     [false, "Please upload a valid audio file (amr or mp3) for this child record"]
   end
+
+	def validate_created_at
+		begin
+			if self['created_at']
+				DateTime.parse self['created_at'] 
+			end
+			true
+		rescue
+			[false, '']
+		end
+	end
 
   def method_missing(m, *args, &block)  
     self[m]
@@ -104,7 +111,8 @@ def create_unique_id(user_name)
 
   def set_creation_fields_for(user_name)
     self['created_by'] = user_name
-    self['created_at'] = current_formatted_time
+    self['created_at'] ||= current_formatted_time
+    self['posted_at'] = current_formatted_time
   end
 
   def set_updated_fields_for(user_name)
@@ -142,18 +150,29 @@ def photo
   end
 
   def audio
-    attachment_name = self['recorded_audio']
-    return nil unless attachment_name && (has_attachment? attachment_name)
-    data = read_attachment attachment_name
-    content_type = self['_attachments'][attachment_name]['content_type']
-    FileAttachment.new attachment_name, content_type, data
+    return nil if self['audio_attachments'].nil?
+    attachment_key = self['audio_attachments']['original']
+    return nil unless has_attachment? attachment_key
+
+    data = read_attachment attachment_key
+    content_type = self['_attachments'][attachment_key]['content_type']
+    FileAttachment.new attachment_key, content_type, data
   end
 
   def audio=(audio_file)
     return unless audio_file.respond_to? :content_type
     @audio_file_name = audio_file.original_path
     attachment = FileAttachment.from_uploadable_file(audio_file, "audio")
-    attach(attachment, 'recorded_audio')
+
+    attach(attachment, attachment.name)
+    setup_original_audio(attachment)
+    setup_mime_specific_audio(attachment)
+  end
+
+  def add_audio_file(audio_file, content_type)
+    attachment = FileAttachment.from_file(audio_file, content_type, "audio", key_for_content_type(content_type))
+    attach(attachment, attachment.name)
+    setup_mime_specific_audio(attachment)
   end
 
   def media_for_key(media_key)
@@ -199,14 +218,18 @@ def current_formatted_time
   def changes_for(field_names)
     field_names.inject({}) do |changes, field_name|
       changes.merge(field_name => {
-              'from' => @from_child[field_name],
-              'to' => self[field_name] })
+        'from' => @from_child[field_name],
+        'to' => self[field_name]
+      })
     end
   end
 
   def field_name_changes
     @from_child ||= Child.get(self.id)
-    FormSection.all_child_field_names.select { |field_name| changed?(field_name) }
+    form_section_fields = FormSection.all_child_field_names
+    other_fields = ["flag","flag_message"]
+    all_fields = form_section_fields + other_fields
+    all_fields.select { |field_name| changed?(field_name) }
   end
 
   def changed?(field_name)
@@ -229,8 +252,25 @@ def attach(attachment, key)
   end
 
   def deprecated_fields
-    system_fields = ["created_at", "_rev", "_id", "created_by", "couchrest-type", "histories", "unique_identifier"]
+    system_fields = ["created_at","posted_at", "posted_from", "_rev", "_id", "created_by", "couchrest-type", "histories", "unique_identifier"]
     existing_fields = system_fields + FormSection.all_enabled_child_fields.map {|x| x.name}
     self.reject {|k,v| existing_fields.include? k} 
   end
+
+  def setup_original_audio(attachment)
+    audio_attachments = (self['audio_attachments'] ||= {})
+    audio_attachments.clear
+    audio_attachments['original'] = attachment.name
+  end
+
+  def setup_mime_specific_audio(file_attachment)
+    audio_attachments = (self['audio_attachments'] ||= {})
+    content_type_for_key = file_attachment.mime_type.to_sym.to_s
+    audio_attachments[content_type_for_key] = file_attachment.name
+  end
+
+  def key_for_content_type(content_type)
+    Mime::Type.lookup(content_type).to_sym.to_s
+  end
+
 end