Use resourceful routes for terms view/accept/decline

2025-01-04 14:25:47 +03:00 · 2025-01-04 14:25:47 +03:00 · 606b5c1b6a
commit 606b5c1b6a
parent 44843c1dd7
15 changed files with 204 additions and 171 deletions
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@ -23,7 +23,8 @@ class Ability
      can :read, Redaction
      can [:create, :destroy], :session
      can [:read, :data, :georss], Trace
-      can [:read, :terms, :create, :save, :suspended, :auth_success, :auth_failure], User
+      can [:read, :create, :suspended, :auth_success, :auth_failure], User
+      can [:read, :update], :account_terms
      can :read, UserBlock
    end

--- a/app/assets/stylesheets/common.scss
+++ b/app/assets/stylesheets/common.scss
@ -818,7 +818,7 @@ tr.turn {

 /* Rules for the account confirmation page */

-.users-terms {
+.accounts-terms-show {
  .legale {
    padding: $lineheight;
    margin-bottom: $lineheight;
--- a/app/controllers/accounts/terms_controller.rb
+++ b/app/controllers/accounts/terms_controller.rb
@ -0,0 +1,65 @@
+module Accounts
+  class TermsController < ApplicationController
+    include SessionMethods
+
+    layout "site"
+
+    before_action :disable_terms_redirect
+    before_action :authorize_web
+    before_action :set_locale
+    before_action :check_database_readable
+
+    authorize_resource :class => :account_terms
+
+    def show
+      @legale = params[:legale] || OSM.ip_to_country(request.remote_ip) || Settings.default_legale
+      @text = OSM.legal_text_for_country(@legale)
+
+      if request.xhr?
+        render :partial => "terms"
+      else
+        @title = t ".title"
+
+        if current_user&.terms_agreed?
+          # Already agreed to terms, so just show settings
+          redirect_to edit_account_path
+        elsif current_user.nil?
+          redirect_to login_path(:referer => request.fullpath)
+        end
+      end
+    end
+
+    def update
+      @title = t "users.new.title"
+
+      if params[:decline] || !(params[:read_tou] && params[:read_ct])
+        if current_user
+          current_user.terms_seen = true
+
+          flash[:notice] = { :partial => "accounts/terms/terms_declined_flash" } if current_user.save
+
+          referer = safe_referer(params[:referer]) if params[:referer]
+
+          redirect_to referer || edit_account_path
+        elsif params[:decline]
+          redirect_to t("users.terms.declined"), :allow_other_host => true
+        else
+          redirect_to account_terms_path
+        end
+      elsif current_user
+        unless current_user.terms_agreed?
+          current_user.consider_pd = params[:user][:consider_pd]
+          current_user.tou_agreed = Time.now.utc
+          current_user.terms_agreed = Time.now.utc
+          current_user.terms_seen = true
+
+          flash[:notice] = t "users.new.terms accepted" if current_user.save
+        end
+
+        referer = safe_referer(params[:referer]) if params[:referer]
+
+        redirect_to referer || edit_account_path
+      end
+    end
+  end
+end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -56,11 +56,11 @@ class ApplicationController < ActionController::Base
      # don't allow access to any auth-requiring part of the site unless
      # the new CTs have been seen (and accept/decline chosen).
      elsif !current_user.terms_seen && flash[:skip_terms].nil?
-        flash[:notice] = t "users.terms.you need to accept or decline"
+        flash[:notice] = t "accounts.terms.show.you need to accept or decline"
        if params[:referer]
-          redirect_to :controller => "users", :action => "terms", :referer => params[:referer]
+          redirect_to account_terms_path(:referer => params[:referer])
        else
-          redirect_to :controller => "users", :action => "terms", :referer => request.fullpath
+          redirect_to account_terms_path(:referer => request.fullpath)
        end
      end
    end
--- a/app/controllers/concerns/session_methods.rb
+++ b/app/controllers/concerns/session_methods.rb
@ -48,7 +48,7 @@ module SessionMethods
    # - If they were referred to the login, send them back there.
    # - Otherwise, send them to the home page.
    if !user.terms_seen
-      redirect_to :controller => :users, :action => :terms, :referer => target
+      redirect_to account_terms_path(:referer => target)
    elsif user.blocked_on_view
      redirect_to user.blocked_on_view, :referer => target
    else
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -6,7 +6,6 @@ class UsersController < ApplicationController
  layout "site"

  skip_before_action :verify_authenticity_token, :only => [:auth_success]
-  before_action :disable_terms_redirect, :only => [:terms, :save]
  before_action :authorize_web
  before_action :set_locale
  before_action :check_database_readable
@ -106,57 +105,6 @@ class UsersController < ApplicationController
    redirect_to user_path(:display_name => params[:display_name])
  end

-  def terms
-    @legale = params[:legale] || OSM.ip_to_country(request.remote_ip) || Settings.default_legale
-    @text = OSM.legal_text_for_country(@legale)
-
-    if request.xhr?
-      render :partial => "terms"
-    else
-      @title = t ".title"
-
-      if current_user&.terms_agreed?
-        # Already agreed to terms, so just show settings
-        redirect_to edit_account_path
-      elsif current_user.nil?
-        redirect_to login_path(:referer => request.fullpath)
-      end
-    end
-  end
-
-  def save
-    @title = t "users.new.title"
-
-    if params[:decline] || !(params[:read_tou] && params[:read_ct])
-      if current_user
-        current_user.terms_seen = true
-
-        flash[:notice] = { :partial => "users/terms_declined_flash" } if current_user.save
-
-        referer = safe_referer(params[:referer]) if params[:referer]
-
-        redirect_to referer || edit_account_path
-      elsif params[:decline]
-        redirect_to t("users.terms.declined"), :allow_other_host => true
-      else
-        redirect_to :action => :terms
-      end
-    elsif current_user
-      unless current_user.terms_agreed?
-        current_user.consider_pd = params[:user][:consider_pd]
-        current_user.tou_agreed = Time.now.utc
-        current_user.terms_agreed = Time.now.utc
-        current_user.terms_seen = true
-
-        flash[:notice] = t "users.new.terms accepted" if current_user.save
-      end
-
-      referer = safe_referer(params[:referer]) if params[:referer]
-
-      redirect_to referer || edit_account_path
-    end
-  end
-
  def go_public
    current_user.data_public = true
    current_user.save
--- a/app/views/accounts/edit.html.erb
+++ b/app/views/accounts/edit.html.erb
@ -53,7 +53,7 @@
        <% end %>
      <% else %>
        <%= t ".contributor terms.not yet agreed" %>
-        <%= link_to t(".contributor terms.review link text"), :controller => "users", :action => "terms" %>
+        <%= link_to t(".contributor terms.review link text"), account_terms_path %>
      <% end %>
    </span>
  </div>
--- a/app/views/accounts/terms/_terms.html.erb
+++ b/app/views/accounts/terms/_terms.html.erb
--- a/app/views/accounts/terms/_terms_declined_flash.html.erb
+++ b/app/views/accounts/terms/_terms_declined_flash.html.erb
--- a/app/views/accounts/terms/show.html.erb
+++ b/app/views/accounts/terms/show.html.erb
@ -9,7 +9,7 @@
  </div>
 <% end %>

-<%= form_tag({ :action => "save" }) do %>
+<%= form_tag account_terms_path, :method => :put do %>
  <!-- legale is <%= @legale %> -->
  <p class="text-body-secondary"><%= t ".read and accept with tou" %></p>
  <h4>