Added flash notice for CTs decline

Also ensured that CTs are either accepted or declined and cannot be inadvertently bypassed.
2011-04-18 00:03:39 +01:00 · 2011-04-18 00:03:39 +01:00 · c21aa5933a
commit c21aa5933a
parent 2ba5067fcf
4 changed files with 55 additions and 2 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -15,6 +15,16 @@ class ApplicationController < ActionController::Base
        session_expires_automatically

        redirect_to :controller => "user", :action => "suspended"
+
+        # don't allow access to any auth-requiring part of the site unless
+        # the new CTs have been seen (and accept/decline chosen).
+      elsif !@user.terms_seen and flash[:showing_terms].nil?
+        flash[:notice] = t 'user.terms.you need to accept or decline'
+        if params[:referer]
+          redirect_to :controller => "user", :action => "terms", :referer => params[:referer]
+        else
+          redirect_to :controller => "user", :action => "terms", :referer => request.request_uri
+        end
      end
    elsif session[:token]
      @user = User.authenticate(:token => session[:token])
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@ -1,6 +1,7 @@
 class UserController < ApplicationController
  layout :choose_layout

+  before_filter :disable_terms_redirect, :only => [:terms, :save]
  before_filter :authorize, :only => [:api_details, :api_gpx_files]
  before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
  before_filter :set_locale, :except => [:api_details, :api_gpx_files]
@ -55,7 +56,10 @@ class UserController < ApplicationController
    elsif params[:decline]
      if @user
        @user.terms_seen = true
-        @user.save
+
+        if @user.save
+          flash[:notice] = t 'user.new.terms declined', :url => t('user.new.terms declined url')
+        end

        if params[:referer]
          redirect_to params[:referer]
@ -511,4 +515,13 @@ private
      'site'
    end
  end
+
+  ##
+  #
+  def disable_terms_redirect
+    # this is necessary otherwise going to the user terms page, when 
+    # having not agreed already would cause an infinite redirect loop.
+    # it's .now so that this doesn't propagate to other pages.
+    flash.now[:showing_terms] = true
+  end
 end