Merge branch 'master' into openid

Conflicts:
	app/controllers/user_controller.rb
	app/views/user/terms.html.erb
	test/fixtures/users.yml
Tom Hughes 2011-05-21 12:14:56 +01:00
commit 832b96b75a
299 changed files with 19654 additions and 6456 deletions


@ -15,6 +15,16 @@ class ApplicationController < ActionController::Base
session_expires_automatically
redirect_to :controller => "user", :action => "suspended"
# don't allow access to any auth-requiring part of the site unless
# the new CTs have been seen (and accept/decline chosen).
elsif !@user.terms_seen and flash[:skip_terms].nil?
flash[:notice] = t 'user.terms.you need to accept or decline'
if params[:referer]
redirect_to :controller => "user", :action => "terms", :referer => params[:referer]
else
redirect_to :controller => "user", :action => "terms", :referer => request.request_uri
end
end
elsif session[:token]
@user = User.authenticate(:token => session[:token])
@ -99,10 +109,21 @@ class ApplicationController < ActionController::Base
end
end
# check if the user has been banned
unless @user.nil? or @user.active_blocks.empty?
# NOTE: need slightly more helpful message than this.
render :text => t('application.setup_user_auth.blocked'), :status => :forbidden
# have we identified the user?
if @user
# check if the user has been banned
if not @user.active_blocks.empty?
# NOTE: need slightly more helpful message than this.
report_error t('application.setup_user_auth.blocked'), :forbidden
end
# if the user hasn't seen the contributor terms then don't
# allow editing - they have to go to the web site and see
# (but can decline) the CTs to continue.
if REQUIRE_TERMS_SEEN and not @user.terms_seen and flash[:skip_terms].nil?
set_locale
report_error t('application.setup_user_auth.need_to_see_terms'), :forbidden
end
end
end
@ -189,6 +210,24 @@ class ApplicationController < ActionController::Base
end
end
if request.compatible_language_from(I18n.available_locales).nil?
request.user_preferred_languages = request.user_preferred_languages.collect do |pl|
pls = [ pl ]
while pl.match(/^(.*)-[^-]+$/)
pls.push($1) if I18n.available_locales.include?($1.to_sym)
pl = $1
end
pls
end.flatten
if @user and not request.compatible_language_from(I18n.available_locales).nil?
@user.languages = request.user_preferred_languages
@user.save
end
end
I18n.locale = request.compatible_language_from(I18n.available_locales)
response.headers['Content-Language'] = I18n.locale.to_s
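Review bot: In the added locale fallback, `$1.to_sym` is applied to prefixes of the client's preferred-language strings, which appear to come from the Accept-Language header, so every distinct value a client sends is interned as a symbol; on Ruby versions that do not garbage-collect symbols this is unbounded memory growth driven by request data. Comparing as strings avoids creating symbols from input: `pls.push($1) if I18n.available_locales.map { |l| l.to_s }.include?($1)`. The regex also uses `^`/`$`, which match per line; `\A`/`\z` would state the intent of matching the whole tag. The enclosing method begins outside the hunk, so any earlier validation of these strings is not visible here.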


@ -312,6 +312,8 @@ class ChangesetController < ApplicationController
@page = (params[:page] || 1).to_i
@page_size = 20
@bbox = bbox
@edits = Changeset.find(:all,
:include => [:user, :changeset_tags],
:conditions => conditions,
@ -436,7 +438,7 @@ private
# query changesets which are closed
# ('closed at' time has passed or changes limit is hit)
def conditions_closed(closed)
return closed.nil? ? nil : ['closed_at < ? or num_changes > ?',
return closed.nil? ? nil : ['(closed_at < ? or num_changes > ?)',
Time.now.getutc, Changeset::MAX_ELEMENTS]
end
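Review bot: The comment above `conditions_closed` does not say why the fragment is now wrapped in parentheses, and that is the part a later edit is most likely to undo. If these fragments are joined with AND elsewhere in the controller (the joining code is outside the hunk), an unparenthesised `or` would bind across the other filters and return changesets they were meant to exclude. I would add a line such as `# parenthesised so the OR stays inside this fragment when conditions are ANDed together` to the method comment.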


@ -1,5 +1,5 @@
class OauthController < ApplicationController
layout 'site'
layout 'slim'
before_filter :authorize_web, :only => [:oauthorize, :revoke]
before_filter :set_locale, :only => [:oauthorize, :revoke]


@ -64,7 +64,7 @@ class SiteController < ApplicationController
#Currently this results in potlatch starting up at 0,0 (Atlantic ocean).
end
@zoom = '14' if @zoom.nil?
@zoom = '17' if @zoom.nil?
end
end
end


@ -1,6 +1,7 @@
class UserController < ApplicationController
layout 'site', :except => :api_details
layout :choose_layout
before_filter :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details]
before_filter :authorize, :only => [:api_details, :api_gpx_files]
before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
before_filter :set_locale, :except => [:api_details, :api_gpx_files]
@ -24,7 +25,7 @@ class UserController < ApplicationController
if request.xhr?
render :update do |page|
page.replace_html "contributorTerms", :partial => "terms", :locals => { :has_decline => params[:has_decline] }
page.replace_html "contributorTerms", :partial => "terms"
end
elsif using_open_id?
# The redirect from the OpenID provider reenters here
@ -84,17 +85,36 @@ class UserController < ApplicationController
if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"})
render :action => 'new'
elsif params[:decline]
redirect_to t('user.terms.declined')
if @user
@user.terms_seen = true
if @user.save
flash[:notice] = t 'user.new.terms declined', :url => t('user.new.terms declined url')
end
if params[:referer]
redirect_to params[:referer]
else
redirect_to :action => :account, :display_name => @user.display_name
end
else
redirect_to t('user.terms.declined')
end
elsif @user
if !@user.terms_agreed?
@user.consider_pd = params[:user][:consider_pd]
@user.terms_agreed = Time.now.getutc
@user.terms_seen = true
if @user.save
flash[:notice] = t 'user.new.terms accepted'
end
end
redirect_to :action => :account, :display_name => @user.display_name
if params[:referer]
redirect_to params[:referer]
else
redirect_to :action => :account, :display_name => @user.display_name
end
else
@user = User.new(params[:user])
@ -104,14 +124,15 @@ class UserController < ApplicationController
@user.creation_ip = request.remote_ip
@user.languages = request.user_preferred_languages
@user.terms_agreed = Time.now.getutc
@user.terms_seen = true
if @user.save
flash[:notice] = t 'user.new.flash create success message', :email => @user.email
Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => session.delete(:referer)))
session[:token] = @user.tokens.create.token
redirect_to :action => 'login'
redirect_to :action => 'login', :referer => params[:referer]
else
render :action => 'new'
render :action => 'new', :referer => params[:referer]
end
end
end
@ -581,15 +602,22 @@ private
# process a successful login
def successful_login(user)
session[:user] = user.id
session_expires_after 1.month if session[:remember_me]
if user.blocked_on_view
redirect_to user.blocked_on_view, :referer => params[:referer]
elsif session[:referer]
redirect_to session[:referer]
target = params[:referer] || url_for(:controller => :site, :action => :index)
# The user is logged in, so decide where to send them:
#
# - If they haven't seen the contributor terms, send them there.
# - If they have a block on them, show them that.
# - If they were referred to the login, send them back there.
# - Otherwise, send them to the home page.
if REQUIRE_TERMS_SEEN and not user.terms_seen
redirect_to :controller => :user, :action => :terms, :referer => target
elsif user.blocked_on_view
redirect_to user.blocked_on_view, :referer => target
else
redirect_to :controller => 'site', :action => 'index'
redirect_to target
end
session.delete(:remember_me)
@ -651,4 +679,28 @@ private
rescue ActiveRecord::RecordNotFound
redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] unless @this_user
end
##
# Choose the layout to use. See
# https://rails.lighthouseapp.com/projects/8994/tickets/5371-layout-with-onlyexcept-options-makes-other-actions-render-without-layouts
def choose_layout
oauth_url = url_for(:controller => :oauth, :action => :oauthorize, :only_path => true)
if [ 'api_details' ].include? action_name
nil
elsif params[:referer] and URI.parse(params[:referer]).path == oauth_url
'slim'
else
'site'
end
end
##
#
def disable_terms_redirect
# this is necessary otherwise going to the user terms page, when
# having not agreed already would cause an infinite redirect loop.
# it's .now so that this doesn't propagate to other pages.
flash.now[:skip_terms] = true
end
end
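Review bot: `redirect_to params[:referer]` in both the decline and the accept branch of the terms-saving action, and `redirect_to target` in `successful_login` (where `target` is `params[:referer]` when present), send the browser to a request-supplied value with no check that it points back at this site, so a link carrying a foreign `referer` can hand the user off to an arbitrary external address right after they log in or answer the terms. The value should be reduced to a same-site path before it is used or forwarded as `:referer`, falling back to the existing account or home redirect otherwise. `choose_layout` also calls `URI.parse(params[:referer])` without rescuing `URI::InvalidURIError`, so a malformed referer would presumably fail any action that reaches the layout choice; the same helper can cover that. A possible private helper and the call sites are sketched below; the terms-saving action starts outside the visible hunk.

```ruby
# Return params[:referer] only when it is a same-site absolute path;
# anything with a scheme, a host or unparsable syntax is discarded.
def safe_referer
  referer = params[:referer].to_s
  return nil unless referer =~ %r{\A/(?![/\\])}
  uri = URI.parse(referer)
  (uri.scheme.nil? && uri.host.nil?) ? referer : nil
rescue URI::InvalidURIError
  nil
end

# in successful_login
target = safe_referer || url_for(:controller => :site, :action => :index)
# … unchanged: terms / block / target redirects …

# in the decline and accept branches of the terms-saving action
redirect_to(safe_referer || { :action => :account, :display_name => @user.display_name })
```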