Start building up a report page

Author: ArtOfCode-

app/controllers/complaints_controller.rb

@@ -28,7 +28,7 @@ def create
     if @complaint.save
       @comment = ComplaintComment.new(comment_params.merge(complaint: @complaint, internal: false))
       if @comment.save
-        redirect_to safety_center_path # report path
+        redirect_to complaint_path(@complaint.access_token)
       else
         @errors = @comment.errors.full_messages
         render :report, status: :bad_request, layout: 'without_sidebar'
@@ -38,4 +38,33 @@ def create
       render :report, status: :bad_request, layout: 'without_sidebar'
     end
   end
+
+  def show
+    @complaint = Complaint.includes(:comments, :assignee, comments: :user).where(access_token: params[:token]).first
+
+    if @complaint.nil?
+      raise ActiveRecord::RecordNotFound, "Complaint not found with token=#{params[:token]}"
+    end
+
+    return unless access_check(@complaint)
+
+    @report_type = AppConfig.safety_center['report_types'][@complaint.report_type]
+    @content_type = AppConfig.safety_center['content_types'][@complaint.content_type]
+    @status = AppConfig.safety_center['statuses'][@complaint.status]
+    render layout: 'without_sidebar'
+  end
+
+  private
+
+  def access_check(complaint)
+    if user_signed_in? && (current_user.staff? || current_user == complaint.user)
+      # only allow complainants to access their own complaints regardless of access token
+      true
+    elsif !user_signed_in?
+      # if not signed in then we're just relying on the access token as proof of access
+      true
+    else
+      raise ActiveRecord::RecordNotFound
+    end
+  end
 end

app/models/complaint.rb

@@ -1,16 +1,35 @@
 class Complaint < ApplicationRecord
   belongs_to :user, required: false
   belongs_to :assignee, required: false, class_name: 'User'
+  has_many :comments, class_name: 'ComplaintComment', dependent: :destroy
 
   after_create :generate_access_token
+  after_create :assign_status
 
   validates :email, presence: -> { !user.present? }
   validates :report_type, presence: true
   validates :reported_url, presence: true
 
+  ##
+  # Update the complaint's status, create a comment to record the change, and send emails to the right people.
+  # @param new_status [String] The new status to set, from safety_center.yml.
+  # @param attribute_to [String] Who should the status change be attributed to? Username only.
+  def update_status(new_status, attribute_to = nil)
+    dt = DateTime.now
+    update(status: new_status, status_updated_at: dt)
+    attribution = attribute_to.nil? ? 'automatically' : "by #{attribute_to}"
+    comments.create(content: "Status updated to #{new_status} at #{dt.iso8601} #{attribution}.", internal: true,
+                    user_id: -1)
+    # TODO send email
+  end
+
   private
 
   def generate_access_token
     update(access_token: SecureRandom.uuid)
   end
+
+  def assign_status
+    update_status 'new'
+  end
 end

app/views/complaints/_comment.html.erb

@@ -0,0 +1,26 @@
+<%#
+  Complaint comment partial rendered in a widget.
+
+  Variables:
+    comment: [ComplaintComment] The comment to render.
+%>
+
+<div class="widget <%= 'is-yellow' if comment.internal? %>">
+  <div class="widget--header">
+    <span class="has-font-size-caption">
+      <strong>
+        <% if comment.user.nil? || comment.user == @complaint.user %>
+          Reporter
+        <% elsif current_user&.staff? %>
+          <%= comment.user.rtl_safe_username %>
+        <% else %>
+          Staff
+        <% end %>
+      </strong>
+      <%= time_ago_in_words(comment.created_at) %> ago
+    </span>
+  </div>
+  <div class="widget--body has-font-size-caption">
+    <%= comment.content %>
+  </div>
+</div>

app/views/complaints/show.html.erb

@@ -0,0 +1,65 @@
+<%= link_to safety_center_path do %>
+  &laquo; Back to Safety Center
+<% end %>
+
+<h1><%= @report_type['name'] %></h1>
+<div class="grid">
+  <div class="grid--cell is-12 is-6-md is-6-lg">
+    <div class="widget">
+      <div class="widget--body">
+        <h2 class="has-font-size-base h-m-t-0">Report</h2>
+        <div class="grid has-font-size-caption">
+          <div class="grid--cell is-3">Reported URL</div>
+          <div class="grid--cell is-9 has-color-yellow-700">
+            <i class="fas fa-exclamation-triangle"></i>
+            <%= link_to @complaint.reported_url, @complaint.reported_url, class: 'is-yellow' %>
+          </div>
+
+          <% if @content_type.present? %>
+            <div class="grid--cell is-3">Content type</div>
+            <div class="grid--cell is-9"><%= @content_type['name'] %></div>
+          <% end %>
+
+          <div class="grid--cell is-3">Reported by</div>
+          <div class="grid--cell is-9">
+            <% if @complaint.user.present? %>
+              <%= user_link @complaint.user %>
+            <% else %>
+              <%= @complaint.email %>
+            <% end %>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+  <div class="grid--cell is-12 is-6-md is-6-lg">
+    <div class="widget">
+      <div class="widget--body">
+        <h2 class="has-font-size-base h-m-t-0">Investigation</h2>
+        <div class="grid has-font-size-caption">
+          <div class="grid--cell is-3">Status</div>
+          <div class="grid--cell is-9">
+            <%= @status['name'] %>
+            (last updated <%= time_ago_in_words(@complaint.status_updated_at) %> ago)
+          </div>
+
+          <div class="grid--cell is-3">Assignee</div>
+          <div class="grid--cell is-9">
+            <% if @complaint.assignee.nil? %>
+              (unassigned)
+            <% elsif user_signed_in? && current_user.staff? %>
+              <%= user_link @complaint.assignee %>
+            <% else %>
+              Yes - Assigned to Investigator
+            <% end %>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+
+<% @complaint.comments.sort_by(&:created_at).each do |comment| %>
+  <% next if comment.internal? && !current_user&.staff? %>
+  <%= render 'comment', comment: comment %>
+<% end %>

config/config/safety_center.yml

@@ -1,15 +1,36 @@
+statuses:
+  new:
+    name: New
+    description: This is a new report, waiting to be assigned an investigator.
+  assigned:
+    name: Assigned
+    description: This report has been assigned to a member of staff and is being investigated.
+  reviewed:
+    name: Reviewed
+    description: This report has been investigated and appropriate action taken.
+  responded:
+    name: Responded
+    description: This report has had a response from the reporter.
+  closed:
+    name: Closed
+    description: This report has been closed. No further action may be taken.
+
 report_types:
   illegal:
     enabled: true
+    name: Report of illegal content
     description: illegal harmful content
   abusive:
     enabled: true
+    name: Report of abusive content
     description: abusive or otherwise harmful content
   copyright:
     enabled: true
+    name: Report of copyright infringement
     description: copyright infringement
   appeal:
     enabled: true
+    name: Classification Appeal
     description: an appeal regarding how we've handled your content
 
 content_types:

db/migrate/20251010005424_add_status_updated_at_to_complaints.rb

@@ -0,0 +1,5 @@
+class AddStatusUpdatedAtToComplaints < ActiveRecord::Migration[7.2]
+  def change
+    add_column :complaints, :status_updated_at, :datetime
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.2].define(version: 2025_10_08_162510) do
+ActiveRecord::Schema[7.2].define(version: 2025_10_10_005424) do
   create_table "abilities", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
     t.bigint "community_id"
     t.string "name"
@@ -256,6 +256,7 @@
     t.string "content_type"
     t.string "email"
     t.string "reported_url"
+    t.datetime "status_updated_at"
     t.index ["access_token"], name: "index_complaints_on_access_token", unique: true
     t.index ["assignee_id"], name: "index_complaints_on_assignee_id"
     t.index ["report_type"], name: "index_complaints_on_report_type"

test/controllers/complaints_controller_test.rb

@@ -43,7 +43,7 @@ class ComplaintsControllerTest < ActionDispatch::IntegrationTest
                       content: 'test', email: 'something@else.com', user_wants_updates: true
     assert_response(:found)
     assert_not_nil assigns(:complaint)
-    # assert_redirected_to complaint_path(@complaint.access_token)
+    assert_redirected_to complaint_path(@complaint.access_token)
     assert_equal users(:basic_user).email, assigns(:complaint).email
   end
 
@@ -52,7 +52,7 @@ class ComplaintsControllerTest < ActionDispatch::IntegrationTest
                       content: 'test', email: 'something@else.com', user_wants_updates: true
     assert_response(:found)
     assert_not_nil assigns(:complaint)
-    # assert_redirected_to complaint_path(@complaint.access_token)
+    assert_redirected_to complaint_path(@complaint.access_token)
     assert_equal 'something@else.com', assigns(:complaint).email
   end