WIP: fixup! Protect staff name & phone fields in FMS front-end.

mysociety · Mar 10, 2022 · c8fe2e5 · c8fe2e5
1 parent 34aace9
commit c8fe2e5
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 24 deletions.
diff --git a/.cypress/cypress/integration/staff.js b/.cypress/cypress/integration/staff.js
@@ -45,35 +45,36 @@ describe('Staff user tests', function() {
  });
 
  it('does not let staff update their name, phone or email address whilst reporting or updating', function() {
- // Lest CS staff forget to select 'report as another user' and type the reporter's details into their own account.
+ // Lest CS staff forget to select 'report as another user' and type the reporter's details over their own.
  cy.server();
 
- Cypress.on('uncaught:exception', function(err, runnable) {
- // handle IOW assets error
- return false;
+ // log in and create report
+ cy.route('/report/new/ajax*').as('report-ajax');
+ cy.request({
+ method: 'POST',
+ url: '/auth?r=/',
+ form: true,
+ body: { username: '[email protected]', password_sign_in: 'password' }
  });
+ cy.visit('/');
+ cy.contains('Go');
+ cy.get('[name=pc]').type(Cypress.env('postcode'));
+ cy.get('[name=pc]').parents('form').submit();
+ cy.url().should('include', '/around');
+ cy.get('#map_box').click(240, 249);
+ cy.wait('@report-ajax');
 
- // log in
- cy.visit('/auth');
- cy.get('[name=username]').type('[email protected]');
- cy.contains('Sign in with a password').click();
- cy.get('[name=password_sign_in]').type('password');
- cy.get('[name=sign_in_by_password]').last().click();
-
- // Visit Borsetshire
- cy.visit('/report/new?latitude=51.496194&longitude=-2.603439,');
  // pick category: with check to avoid race condition
  // but doesn't always work, so have added {force:true} as well
  cy.get('input[value="Flytipping"]').should('be.visible').click({force:true});
  cy.nextPageReporting();
 
  // photos & description pages
  cy.nextPageReporting();
- cy.get('#form_title').type('Fly-tipped sofa');
- cy.get('#form_detail').type('Looks like a Chesterfield.');
  cy.nextPageReporting();
 
  // about you page
+ cy.get('#form_as').select('myself');
  cy.get('[name=username]').should('be.disabled'); // (already protected)
  cy.get('[name=phone]').should('be.disabled');
  cy.get('[name=name]').should('have.attr', 'readonly');

diff --git a/web/cobrands/fixmystreet/fixmystreet.js b/web/cobrands/fixmystreet/fixmystreet.js
@@ -1108,8 +1108,6 @@ $.extend(fixmystreet.set_up, {
  hide('.js-new-report-user-hidden');
  show('.js-new-report-user-shown').then(function(){
  focusFirstVisibleInput();
- // run now to protect staff fields when adding an update:
- fixmystreet.staff_set_up.contribute_as();
  });
  });
 

diff --git a/web/cobrands/fixmystreet/staff.js b/web/cobrands/fixmystreet/staff.js
@@ -106,7 +106,7 @@ fixmystreet.staff_set_up = {
  if (val === 'myself') {
  $emailInput.val($emailInput.prop('defaultValue')).prop('disabled', true);
  $emailOptionalLabel.addClass('hidden');
- $nameInput.val($nameInput.prop('defaultValue')).prop('readonly', true);
+ $nameInput.val($nameInput.prop('defaultValue')).prop('disabled', false).prop('readonly', true);
  $phoneInput.val($phoneInput.prop('defaultValue')).prop('disabled', true);
  $showNameCheckbox.prop('checked', false).prop('disabled', false);
  $addAlertCheckbox.prop('checked', true).prop('disabled', false);
@@ -123,24 +123,21 @@ fixmystreet.staff_set_up = {
  $emailOptionalLabel.removeClass('hidden');
  $emailInput.removeClass('required');
  }
- $nameInput.val('').prop('disabled', false);
- $nameInput.val('').prop('readonly', false);
+ $nameInput.val('').prop('disabled', false).prop('readonly', false);
  $phoneInput.val('').prop('disabled', false);
  $showNameCheckbox.prop('checked', false).prop('disabled', true);
  $addAlertCheckbox.prop('checked', true).prop('disabled', false);
  } else if (val === 'anonymous_user') {
  $emailInput.val('-').prop('disabled', true);
  $emailOptionalLabel.addClass('hidden');
- $nameInput.val('-').prop('disabled', true);
- $nameInput.val('').prop('readonly', false);
+ $nameInput.val('-').prop('disabled', true).prop('readonly', false);
  $phoneInput.val('-').prop('disabled', true);
  $showNameCheckbox.prop('checked', false).prop('disabled', true);
  $addAlertCheckbox.prop('checked', false).prop('disabled', true);
  } else if (val === 'body') {
  $emailInput.val('-').prop('disabled', true);
  $emailOptionalLabel.addClass('hidden');
- $nameInput.val(txt).prop('disabled', true);
- $nameInput.val('').prop('readonly', false);
+ $nameInput.val(txt).prop('disabled', false).prop('readonly', true);
  $phoneInput.val('-').prop('disabled', true);
  $showNameCheckbox.prop('checked', true).prop('disabled', true);
  $addAlertCheckbox.prop('checked', false).prop('disabled', true);
@@ -461,6 +458,7 @@ $(function() {
 });
 
 $(fixmystreet).on('display:report', function() {
+ fixmystreet.staff_set_up.contribute_as();
  fixmystreet.staff_set_up.moderation();
  fixmystreet.staff_set_up.response_templates();
  if ($("#report_inspect_form").length) {