diff --git a/app/request/api/views.py b/app/request/api/views.py index d00da7f51..fde2f62db 100644 --- a/app/request/api/views.py +++ b/app/request/api/views.py @@ -4,25 +4,16 @@ :synopsis: Handles the API request URL endpoints for the OpenRecords application """ -from sqlalchemy import desc +from datetime import datetime + from flask import ( jsonify, render_template, request as flask_request, ) -from datetime import datetime from flask_login import current_user, login_required -from app.lib.date_utils import calendar -from app.request.api import request_api_blueprint -from app.request.api.utils import create_request_info_event -from app.lib.db_utils import update_object -from app.lib.utils import eval_request_bool -from app.lib.permission_utils import ( - is_allowed, - get_permission -) -from app.permissions.utils import get_permissions_as_list -from app.models import CommunicationMethods, Requests, Responses, Events +from sqlalchemy import desc + from app.constants import RESPONSES_INCREMENT, EVENTS_INCREMENT from app.constants import ( determination_type, @@ -31,6 +22,16 @@ response_privacy, request_status, ) +from app.lib.db_utils import update_object +from app.lib.permission_utils import ( + is_allowed, + get_permission +) +from app.lib.utils import eval_request_bool +from app.models import CommunicationMethods, Requests, Responses, Events +from app.permissions.utils import get_permissions_as_list +from app.request.api import request_api_blueprint +from app.request.api.utils import create_request_info_event @request_api_blueprint.route('/edit_privacy', methods=['GET', 'POST']) 
@@ -210,97 +211,119 @@ def get_request_responses(): current_request = Requests.query.filter_by(id=flask_request.args['request_id']).one() - responses = Responses.query.filter( - Responses.request_id == current_request.id, - ~Responses.id.in_([cm.method_id for cm in CommunicationMethods.query.all()]), - Responses.type != response_type.EMAIL, - Responses.deleted == False - ).order_by( - desc(Responses.date_modified) - ).all()[start: start + RESPONSES_INCREMENT] + if current_user in current_request.agency_users: + # If the user is an agency user assigned to the request, all responses can be retrieved. + responses = Responses.query.filter( + Responses.request_id == current_request.id, + ~Responses.id.in_([cm.method_id for cm in CommunicationMethods.query.all()]), + Responses.type != response_type.EMAIL, + Responses.deleted == False + ).order_by( + desc(Responses.date_modified) + ).all()[start: start + RESPONSES_INCREMENT] + elif current_user == current_request.requester: + # If the user is the requester, then only responses that are "Release and Private" or "Release and Public" + # can be retrieved. + responses = Responses.query.filter( + Responses.request_id == current_request.id, + ~Responses.id.in_([cm.method_id for cm in CommunicationMethods.query.all()]), + Responses.type != response_type.EMAIL, + Responses.deleted == False, + Responses.privacy.in_([response_privacy.RELEASE_AND_PRIVATE, response_privacy.RELEASE_AND_PUBLIC]) + ).order_by( + desc(Responses.date_modified) + ).all()[start: start + RESPONSES_INCREMENT] + + else: + # If the user is not an agency user assigned to the request or the requester, then only responses that are + # "Release and Public" whose release date is not in the future can be retrieved. 
+ responses = Responses.query.filter( + Responses.request_id == current_request.id, + ~Responses.id.in_([cm.method_id for cm in CommunicationMethods.query.all()]), + Responses.type != response_type.EMAIL, + Responses.deleted == False, + Responses.privacy.in_([response_privacy.RELEASE_AND_PUBLIC]), + Responses.release_date.isnot(None), + Responses.release_date < datetime.utcnow() + ).order_by( + desc(Responses.date_modified) + ).all()[start: start + RESPONSES_INCREMENT] template_path = 'request/responses/' response_jsons = [] row_count = 0 for response in responses: - # If a user is anonymous or a public user who is not the requester AND the date for Release and Public is in - # the future, do not generate response row - - if (current_user in response.request.agency_users) or \ - (current_user == response.request.requester and response.privacy != response_privacy.PRIVATE) or \ - (response.privacy == response_privacy.RELEASE_AND_PUBLIC and response.release_date and - response.release_date < datetime.utcnow()): - json = { - 'id': response.id, - 'type': response.type - } - if eval_request_bool(flask_request.args.get('with_template')): - row_count += 1 - row = render_template( - template_path + 'row.html', - response=response, - row_num=start + row_count, - response_type=response_type, - determination_type=determination_type, - show_preview=not (response.type == response_type.DETERMINATION and - (response.dtype == determination_type.ACKNOWLEDGMENT or - response.dtype == determination_type.REOPENING)) - ) - modal = render_template( - template_path + 'modal.html', - response=response, - requires_workflow=response.type in response_type.EMAIL_WORKFLOW_TYPES, - modal_body=render_template( - "{}modal_body/{}.html".format( - template_path, response.type - ), - response=response, - privacies=[response_privacy.RELEASE_AND_PUBLIC, - response_privacy.RELEASE_AND_PRIVATE, - response_privacy.PRIVATE], - determination_type=determination_type, - request_status=request_status, - 
edit_response_privacy_permission=is_allowed(user=current_user, - request_id=response.request_id, - permission=get_permission( - permission_type='privacy', - response_type=type( - response))), - edit_response_permission=is_allowed(user=current_user, - request_id=response.request_id, - permission=get_permission(permission_type='edit', - response_type=type( - response))), - delete_response_permission=is_allowed(user=current_user, - request_id=response.request_id, - permission=get_permission(permission_type='delete', - response_type=type(response))), - is_editable=response.is_editable, - current_request=current_request - + json = { + 'id': response.id, + 'type': response.type + } + if eval_request_bool(flask_request.args.get('with_template')): + row_count += 1 + row = render_template( + template_path + 'row.html', + response=response, + row_num=start + row_count, + response_type=response_type, + determination_type=determination_type, + show_preview=not (response.type == response_type.DETERMINATION and + (response.dtype == determination_type.ACKNOWLEDGMENT or + response.dtype == determination_type.REOPENING)) + ) + modal = render_template( + template_path + 'modal.html', + response=response, + requires_workflow=response.type in response_type.EMAIL_WORKFLOW_TYPES, + modal_body=render_template( + "{}modal_body/{}.html".format( + template_path, response.type ), - response_type=response_type, + response=response, + privacies=[response_privacy.RELEASE_AND_PUBLIC, + response_privacy.RELEASE_AND_PRIVATE, + response_privacy.PRIVATE], determination_type=determination_type, request_status=request_status, + edit_response_privacy_permission=is_allowed(user=current_user, + request_id=response.request_id, + permission=get_permission( + permission_type='privacy', + response_type=type( + response))), edit_response_permission=is_allowed(user=current_user, request_id=response.request_id, permission=get_permission(permission_type='edit', - response_type=type(response))), + 
response_type=type( + response))), delete_response_permission=is_allowed(user=current_user, request_id=response.request_id, permission=get_permission(permission_type='delete', response_type=type(response))), - edit_response_privacy_permission=is_allowed(user=current_user, - request_id=response.request_id, - permission=get_permission( - permission_type='privacy', - response_type=type( - response))), is_editable=response.is_editable, current_request=current_request - ) - json['template'] = row + modal - response_jsons.append(json) + ), + response_type=response_type, + determination_type=determination_type, + request_status=request_status, + edit_response_permission=is_allowed(user=current_user, + request_id=response.request_id, + permission=get_permission(permission_type='edit', + response_type=type(response))), + delete_response_permission=is_allowed(user=current_user, + request_id=response.request_id, + permission=get_permission(permission_type='delete', + response_type=type(response))), + edit_response_privacy_permission=is_allowed(user=current_user, + request_id=response.request_id, + permission=get_permission( + permission_type='privacy', + response_type=type( + response))), + is_editable=response.is_editable, + current_request=current_request + ) + json['template'] = row + modal + + response_jsons.append(json) return jsonify(responses=response_jsons) diff --git a/app/templates/request/new_request_agency.html b/app/templates/request/new_request_agency.html index c1a61ca01..fef7182e1 100644 --- a/app/templates/request/new_request_agency.html +++ b/app/templates/request/new_request_agency.html @@ -131,7 +131,7 @@
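Review bot: The three branches that assign `responses` each repeat the same four base filters, so the visibility rule for agency users, the requester and the public now lives in three copies of one query, and a later edit to one copy can leave another branch returning rows it should hide. Building the shared filters once and appending only the privacy predicate per role keeps the restriction in one place, with the `else` branch staying the most restrictive. The same rewrite can page in SQL with `.offset(start).limit(RESPONSES_INCREMENT)` rather than `.all()[start: start + RESPONSES_INCREMENT]`, which loads every matching response on each call. `get_request_responses` begins above the hunk, so how `start` is parsed and bounded is not visible here and should be confirmed before relying on `offset`.

```python
    # … unchanged: current_request lookup …
    base_filters = [
        Responses.request_id == current_request.id,
        ~Responses.id.in_([cm.method_id for cm in CommunicationMethods.query.all()]),
        Responses.type != response_type.EMAIL,
        Responses.deleted == False,
    ]
    if current_user in current_request.agency_users:
        # Assigned agency users: no privacy restriction.
        privacy_filters = []
    elif current_user == current_request.requester:
        # Requester: released responses only, private or public.
        privacy_filters = [
            Responses.privacy.in_([response_privacy.RELEASE_AND_PRIVATE,
                                   response_privacy.RELEASE_AND_PUBLIC]),
        ]
    else:
        # Everyone else: public responses whose release date has passed.
        privacy_filters = [
            Responses.privacy.in_([response_privacy.RELEASE_AND_PUBLIC]),
            Responses.release_date.isnot(None),
            Responses.release_date < datetime.utcnow(),
        ]
    responses = Responses.query.filter(
        *(base_filters + privacy_filters)
    ).order_by(
        desc(Responses.date_modified)
    ).offset(start).limit(RESPONSES_INCREMENT).all()
    # … unchanged: row/modal template rendering loop …
```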

Alternate Contact Information

No information entered in this section will be visible to the public.

-

Note: You must have provide at least one type of contact information (phone number, fax number, or +

Note: You must provide at least one type of contact information (phone number, fax number, or address)

{# User of title #} {{ form.user_title.label(class="request-heading") }} diff --git a/data/agencies.json b/data/agencies.json index 9c5ac4bd5..35019fa33 100644 --- a/data/agencies.json +++ b/data/agencies.json @@ -548,7 +548,7 @@ "generate_letters": false }, "specific_request_instructions": { - "text": "" + "text": "In the “Request Description” box, please describe with as much specificity as possible the record(s) you are requesting. Include, as applicable, the following information:
Please note: Broadly worded requests seeking “any” or “all” records related to a subject matter have the potential to implicate hundreds if not thousands of records, including emails. Requests for emails require an extensive search, and a determination regarding such a broad request typically takes a minimum of sixty (60) business days. If making a request for emails, when possible, the specific sender(s) and recipient(s) should be identified, as well as specific date ranges.

See more information about the Department's FOIL procedures." } } }, diff --git a/data/agencies_test.json b/data/agencies_test.json index 5c1990056..e69217092 100644 --- a/data/agencies_test.json +++ b/data/agencies_test.json @@ -548,7 +548,7 @@ "generate_letters": false }, "specific_request_instructions": { - "text": "" + "text": "In the “Request Description” box, please describe with as much specificity as possible the record(s) you are requesting. Include, as applicable, the following information:
Please note: Broadly worded requests seeking “any” or “all” records related to a subject matter have the potential to implicate hundreds if not thousands of records, including emails. Requests for emails require an extensive search, and a determination regarding such a broad request typically takes a minimum of sixty (60) business days. If making a request for emails, when possible, the specific sender(s) and recipient(s) should be identified, as well as specific date ranges.

See more information about the Department's FOIL procedures." } } },