[dw-free] Support: allow users to see all their current and past requests
[commit: http://hg.dwscoalition.org/dw-free/rev/c1545996122e]
http://bugs.dwscoalition.org/show_bug.cgi?id=3852
/support/history is now available to everyone. Regular users can view
requests made by their account, and requests from any of their previously
validated emails. Only supporthelps can actually search history for all
users.
Patch by
kareila.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=3852
/support/history is now available to everyone. Regular users can view
requests made by their account, and requests from any of their previously
validated emails. Only supporthelps can actually search history for all
users.
Patch by
Files modified:
- htdocs/support/history.bml
--------------------------------------------------------------------------------
diff -r 46d43779211f -r c1545996122e htdocs/support/history.bml
--- a/htdocs/support/history.bml Sat Feb 04 01:32:04 2012 +0000
+++ b/htdocs/support/history.bml Sat Feb 04 17:55:23 2012 +0800
@@ -19,13 +19,11 @@
{
use strict;
use vars qw(%GET);
-
+
my $remote = LJ::get_remote();
return "<?needlogin?>" unless $remote;
- # supporthelp anywhere lets them in
- return "You are not authorized to view this page."
- unless $remote && $remote->has_priv( 'supporthelp' );
+ my $fullsearch = $remote->has_priv( 'supporthelp' );
my $ret;
if ($GET{user} || $GET{email} || $GET{userid}) {
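Review bot: With the early `return` for users without `supporthelp` removed, nothing at the top of the page denies by default any more; access now depends on every later branch consulting `$fullsearch`. The two lookups changed in this commit do that, but a search mode added later without the same check would be open to any logged-in user. A comment on the new line would make the contract explicit, for example `# $fullsearch: supporthelp may search any user or email; everyone else is limited to their own account and validated addresses`. The enclosing block starts before this hunk and continues past it.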
@@ -37,7 +35,10 @@
if ($GET{user} || $GET{userid}) {
# get requests by a user, regardless of email (only gets user requests)
my $userid = $GET{userid} ? $GET{userid}+0 : LJ::get_userid(LJ::trim($GET{user}));
- return "Invalid user to search on." unless $userid;
+ return "Invalid user to search on." unless $userid
+ && ( $fullsearch || $remote->id == $userid );
+ $ret .= "<h2>Viewing support requests for " .
+ LJ::ljuser( LJ::get_username( $userid ) ) . "</h2>\n";
$reqlist = $dbr->selectall_arrayref('SELECT spid, subject, state, spcatid, requserid, timecreate, reqemail ' .
'FROM support WHERE reqtype = \'user\' AND requserid = ?',
undef, $userid);
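Review bot: The new ownership rule is folded into the existing `unless $userid` guard, so the one line `return "Invalid user to search on."` now covers both "no such user" and "not your account" with nothing in the code saying so. A comment above the guard, such as `# without supporthelp, only the viewer's own userid may be looked up`, would document the rule. Separately, when a supporthelp passes a numeric `userid` that matches no account, the guard still passes and the added heading presumably calls `LJ::ljuser` on an undefined username; that path is worth confirming.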
@@ -45,7 +46,21 @@
# try by email, note that this gets requests opened by users and anonymous
# requests, so we can view them all
my $email = LJ::trim($GET{email});
- return "Invalid email to search on." unless $email =~ /^.+\@.+$/;
+ my %user_emails;
+
+ unless ( $fullsearch ) {
+ # check the list of allowable emails for this user
+ my $query = "SELECT oldvalue FROM infohistory WHERE userid=? " .
+ "AND what='email' AND other='A'";
+ my $rows = $dbr->selectall_arrayref( $query, undef, $remote->id );
+ $user_emails{$_->[0]} = 1 foreach @$rows;
+ $user_emails{$remote->email_raw} = 1 if $remote->email_status eq 'A';
+ }
+
+ return "Invalid email to search on." unless $email =~ /^.+\@.+$/
+ && ( $fullsearch || $user_emails{$email} );
+ $ret .= "<h2>Viewing support requests for " .
+ LJ::ehtml( $email ) . "</h2>\n";
$reqlist = $dbr->selectall_arrayref('SELECT spid, subject, state, spcatid, requserid, timecreate, reqemail ' .
'FROM support WHERE reqemail = ?',
undef, $email);
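Review bot: The allow-list built in the `unless ( $fullsearch )` block contains every address ever validated on the account, while the unchanged query `WHERE reqemail = ?` returns every request carrying that address, whoever filed it and whenever. If an address was later given up and used by another person or another account, their requests would be listed for the earlier holder; whether that can occur depends on how `reqemail` is populated, which this hunk does not show. Consider limiting the results to requests created while the address was validated on this account, if `infohistory` records the time of the change, or at least state the decision in a comment such as `# previously validated addresses are trusted for all time; see bug 3852`. The `$user_emails{$email}` lookup is also an exact, case-sensitive match, which fails closed but will reject an address typed with different capitalisation.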
@@ -63,7 +78,7 @@
"WHERE u.userid = sp.userid AND sp.spid IN ($idlist)");
my %points;
$points{$_->[0]+0} = [ $_->[1], $_->[2]+0 ] foreach @{$winners || []};
-
+
# now construct the request blocks
my %reqs;
my @userids;
@@ -113,6 +128,21 @@
} else {
$ret .= "No results found for the search terms you entered.<br /><br />";
}
+ } else {
+ return BML::redirect( "$LJ::SITEROOT/support/history?user=" . $remote->user )
+ unless $fullsearch;
+ }
+
+ unless ( $fullsearch ) {
+ # don't show full search form
+ $ret .= "<h3>You may also search for requests from email addresses associated with your account.</h3>"
+ if $GET{user};
+ $ret .= "<form method='get' action='history'>";
+ $ret .= "<label>Search by email:</label> <input type='text' name='email'>";
+ $ret .= "<p><a href='$LJ::SITEROOT/support/history?user=" . $remote->user .
+ "'>Back to account results</a></p>" if $GET{email};
+ $ret .= "</form>";
+ return $ret;
}
$ret .= "<table summary=''><tr><th colspan='2'>Search for Requests</th></tr>";
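Review bot: `$remote->user` is concatenated unescaped into the redirect target and into the `href` of the "Back to account results" link, while the email heading added earlier in this commit goes through `LJ::ehtml`. Usernames are presumably limited to URL-safe characters, so this is about consistency and defence in depth rather than a known injection; wrapping the value as `LJ::eurl( $remote->user )` in both places keeps the output safe if that assumption ever changes. The heading `You may also search for requests…` is also shown only `if $GET{user}`, so a viewer who arrives with `?userid=` for their own account does not see it.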
--------------------------------------------------------------------------------
