Merge branch 'master' into moderation
This commit is contained in:
Andy Allan
commit
e31376e28d
127 changed files with 4889 additions and 2105 deletions
|
|
@ -305,7 +305,7 @@ class ApiController < ApplicationController
|
|||
def permissions
|
||||
@permissions = if current_token.present?
|
||||
ClientApplication.all_permissions.select { |p| current_token.read_attribute(p) }
|
||||
elsif @user
|
||||
elsif current_user
|
||||
ClientApplication.all_permissions
|
||||
else
|
||||
[]
|
||||
|
|
|
|||
|
|
@ -5,11 +5,14 @@ class ApplicationController < ActionController::Base
|
|||
|
||||
before_action :fetch_body
|
||||
|
||||
attr_accessor :current_user
|
||||
helper_method :current_user
|
||||
|
||||
def authorize_web
|
||||
if session[:user]
|
||||
@user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
|
||||
self.current_user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
|
||||
|
||||
if @user.status == "suspended"
|
||||
if current_user.status == "suspended"
|
||||
session.delete(:user)
|
||||
session_expires_automatically
|
||||
|
||||
|
|
@ -17,7 +20,7 @@ class ApplicationController < ActionController::Base
|
|||
|
||||
# don't allow access to any auth-requiring part of the site unless
|
||||
# the new CTs have been seen (and accept/decline chosen).
|
||||
elsif !@user.terms_seen && flash[:skip_terms].nil?
|
||||
elsif !current_user.terms_seen && flash[:skip_terms].nil?
|
||||
flash[:notice] = t "user.terms.you need to accept or decline"
|
||||
if params[:referer]
|
||||
redirect_to :controller => "user", :action => "terms", :referer => params[:referer]
|
||||
|
|
@ -26,18 +29,18 @@ class ApplicationController < ActionController::Base
|
|||
end
|
||||
end
|
||||
elsif session[:token]
|
||||
if @user = User.authenticate(:token => session[:token])
|
||||
session[:user] = @user.id
|
||||
if self.current_user = User.authenticate(:token => session[:token])
|
||||
session[:user] = current_user.id
|
||||
end
|
||||
end
|
||||
rescue StandardError => ex
|
||||
logger.info("Exception authorizing user: #{ex}")
|
||||
reset_session
|
||||
@user = nil
|
||||
self.current_user = nil
|
||||
end
|
||||
|
||||
def require_user
|
||||
unless @user
|
||||
unless current_user
|
||||
if request.get?
|
||||
redirect_to :controller => "user", :action => "login", :referer => request.fullpath
|
||||
else
|
||||
|
|
@ -47,7 +50,7 @@ class ApplicationController < ActionController::Base
|
|||
end
|
||||
|
||||
def require_oauth
|
||||
@oauth = @user.access_token(OAUTH_KEY) if @user && defined? OAUTH_KEY
|
||||
@oauth = current_user.access_token(OAUTH_KEY) if current_user && defined? OAUTH_KEY
|
||||
end
|
||||
|
||||
##
|
||||
|
|
@ -100,7 +103,7 @@ class ApplicationController < ActionController::Base
|
|||
def require_allow_write_api
|
||||
require_capability(:allow_write_api)
|
||||
|
||||
if REQUIRE_TERMS_AGREED && @user.terms_agreed.nil?
|
||||
if REQUIRE_TERMS_AGREED && current_user.terms_agreed.nil?
|
||||
report_error "You must accept the contributor terms before you can edit.", :forbidden
|
||||
return false
|
||||
end
|
||||
|
|
@ -122,7 +125,7 @@ class ApplicationController < ActionController::Base
|
|||
# require that the user is a moderator, or fill out a helpful error message
|
||||
# and return them to the index for the controller this is wrapped from.
|
||||
def require_moderator
|
||||
unless @user.moderator?
|
||||
unless current_user.moderator?
|
||||
if request.get?
|
||||
flash[:error] = t("application.require_moderator.not_a_moderator")
|
||||
redirect_to :action => "index"
|
||||
|
|
@ -133,7 +136,7 @@ class ApplicationController < ActionController::Base
|
|||
end
|
||||
|
||||
##
|
||||
# sets up the @user object for use by other methods. this is mostly called
|
||||
# sets up the current_user for use by other methods. this is mostly called
|
||||
# from the authorize method, but can be called elsewhere if authorisation
|
||||
# is optional.
|
||||
def setup_user_auth
|
||||
|
|
@ -141,19 +144,19 @@ class ApplicationController < ActionController::Base
|
|||
unless Authenticator.new(self, [:token]).allow?
|
||||
username, passwd = get_auth_data # parse from headers
|
||||
# authenticate per-scheme
|
||||
@user = if username.nil?
|
||||
nil # no authentication provided - perhaps first connect (client should retry after 401)
|
||||
elsif username == "token"
|
||||
User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
|
||||
else
|
||||
User.authenticate(:username => username, :password => passwd) # basic auth
|
||||
end
|
||||
self.current_user = if username.nil?
|
||||
nil # no authentication provided - perhaps first connect (client should retry after 401)
|
||||
elsif username == "token"
|
||||
User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
|
||||
else
|
||||
User.authenticate(:username => username, :password => passwd) # basic auth
|
||||
end
|
||||
end
|
||||
|
||||
# have we identified the user?
|
||||
if @user
|
||||
if current_user
|
||||
# check if the user has been banned
|
||||
user_block = @user.blocks.active.take
|
||||
user_block = current_user.blocks.active.take
|
||||
unless user_block.nil?
|
||||
set_locale
|
||||
if user_block.zero_hour?
|
||||
|
|
@ -166,7 +169,7 @@ class ApplicationController < ActionController::Base
|
|||
# if the user hasn't seen the contributor terms then don't
|
||||
# allow editing - they have to go to the web site and see
|
||||
# (but can decline) the CTs to continue.
|
||||
if REQUIRE_TERMS_SEEN && !@user.terms_seen && flash[:skip_terms].nil?
|
||||
if REQUIRE_TERMS_SEEN && !current_user.terms_seen && flash[:skip_terms].nil?
|
||||
set_locale
|
||||
report_error t("application.setup_user_auth.need_to_see_terms"), :forbidden
|
||||
end
|
||||
|
|
@ -178,7 +181,7 @@ class ApplicationController < ActionController::Base
|
|||
setup_user_auth
|
||||
|
||||
# handle authenticate pass/fail
|
||||
unless @user
|
||||
unless current_user
|
||||
# no auth, the user does not exist or the password was wrong
|
||||
response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
|
||||
render :plain => errormessage, :status => :unauthorized
|
||||
|
|
@ -196,7 +199,7 @@ class ApplicationController < ActionController::Base
|
|||
# good idea to do that in this branch.
|
||||
def authorize_moderator(errormessage = "Access restricted to moderators")
|
||||
# check user is a moderator
|
||||
unless @user.moderator?
|
||||
unless current_user.moderator?
|
||||
render :plain => errormessage, :status => :forbidden
|
||||
false
|
||||
end
|
||||
|
|
@ -266,7 +269,7 @@ class ApplicationController < ActionController::Base
|
|||
end
|
||||
|
||||
def require_public_data
|
||||
unless @user.data_public?
|
||||
unless current_user.data_public?
|
||||
report_error "You must make your edits public to upload new data", :forbidden
|
||||
false
|
||||
end
|
||||
|
|
@ -297,8 +300,8 @@ class ApplicationController < ActionController::Base
|
|||
def preferred_languages
|
||||
@languages ||= if params[:locale]
|
||||
Locale.list(params[:locale])
|
||||
elsif @user
|
||||
@user.preferred_languages
|
||||
elsif current_user
|
||||
current_user.preferred_languages
|
||||
else
|
||||
Locale.list(http_accept_language.user_preferred_languages)
|
||||
end
|
||||
|
|
@ -307,9 +310,9 @@ class ApplicationController < ActionController::Base
|
|||
helper_method :preferred_languages
|
||||
|
||||
def set_locale
|
||||
if @user && @user.languages.empty? && !http_accept_language.user_preferred_languages.empty?
|
||||
@user.languages = http_accept_language.user_preferred_languages
|
||||
@user.save
|
||||
if current_user && current_user.languages.empty? && !http_accept_language.user_preferred_languages.empty?
|
||||
current_user.languages = http_accept_language.user_preferred_languages
|
||||
current_user.save
|
||||
end
|
||||
|
||||
I18n.locale = Locale.available.preferred(preferred_languages)
|
||||
|
|
@ -427,8 +430,8 @@ class ApplicationController < ActionController::Base
|
|||
def preferred_editor
|
||||
editor = if params[:editor]
|
||||
params[:editor]
|
||||
elsif @user && @user.preferred_editor
|
||||
@user.preferred_editor
|
||||
elsif current_user && current_user.preferred_editor
|
||||
current_user.preferred_editor
|
||||
else
|
||||
DEFAULT_EDITOR
|
||||
end
|
||||
|
|
@ -466,16 +469,6 @@ class ApplicationController < ActionController::Base
|
|||
[user, pass]
|
||||
end
|
||||
|
||||
# used by oauth plugin to get the current user
|
||||
def current_user
|
||||
@user
|
||||
end
|
||||
|
||||
# used by oauth plugin to set the current user
|
||||
def current_user=(user)
|
||||
@user = user
|
||||
end
|
||||
|
||||
# override to stop oauth plugin sending errors
|
||||
def invalid_oauth_response; end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ class BrowseController < ApplicationController
|
|||
def changeset
|
||||
@type = "changeset"
|
||||
@changeset = Changeset.find(params[:id])
|
||||
@comments = if @user && @user.moderator?
|
||||
@comments = if current_user && current_user.moderator?
|
||||
@changeset.comments.unscope(:where => :visible).includes(:author)
|
||||
else
|
||||
@changeset.comments.includes(:author)
|
||||
|
|
@ -77,7 +77,7 @@ class BrowseController < ApplicationController
|
|||
def note
|
||||
@type = "note"
|
||||
|
||||
if @user && @user.moderator?
|
||||
if current_user && current_user.moderator?
|
||||
@note = Note.find(params[:id])
|
||||
@note_comments = @note.comments.unscope(:where => :visible)
|
||||
else
|
||||
|
|
|
|||
|
|
@ -28,11 +28,11 @@ class ChangesetController < ApplicationController
|
|||
cs = Changeset.from_xml(request.raw_post, true)
|
||||
|
||||
# Assume that Changeset.from_xml has thrown an exception if there is an error parsing the xml
|
||||
cs.user_id = @user.id
|
||||
cs.user_id = current_user.id
|
||||
cs.save_with_tags!
|
||||
|
||||
# Subscribe user to changeset comments
|
||||
cs.subscribers << @user
|
||||
cs.subscribers << current_user
|
||||
|
||||
render :plain => cs.id.to_s
|
||||
end
|
||||
|
|
@ -53,7 +53,7 @@ class ChangesetController < ApplicationController
|
|||
assert_method :put
|
||||
|
||||
changeset = Changeset.find(params[:id])
|
||||
check_changeset_consistency(changeset, @user)
|
||||
check_changeset_consistency(changeset, current_user)
|
||||
|
||||
# to close the changeset, we'll just set its closed_at time to
|
||||
# now. this might not be enough if there are concurrency issues,
|
||||
|
|
@ -75,7 +75,7 @@ class ChangesetController < ApplicationController
|
|||
assert_method :post
|
||||
|
||||
cs = Changeset.find(params[:id])
|
||||
check_changeset_consistency(cs, @user)
|
||||
check_changeset_consistency(cs, current_user)
|
||||
|
||||
# keep an array of lons and lats
|
||||
lon = []
|
||||
|
|
@ -127,7 +127,7 @@ class ChangesetController < ApplicationController
|
|||
assert_method :post
|
||||
|
||||
changeset = Changeset.find(params[:id])
|
||||
check_changeset_consistency(changeset, @user)
|
||||
check_changeset_consistency(changeset, current_user)
|
||||
|
||||
diff_reader = DiffReader.new(request.raw_post, changeset)
|
||||
Changeset.transaction do
|
||||
|
|
@ -242,8 +242,8 @@ class ChangesetController < ApplicationController
|
|||
changeset = Changeset.find(params[:id])
|
||||
new_changeset = Changeset.from_xml(request.raw_post)
|
||||
|
||||
check_changeset_consistency(changeset, @user)
|
||||
changeset.update_from(new_changeset, @user)
|
||||
check_changeset_consistency(changeset, current_user)
|
||||
changeset.update_from(new_changeset, current_user)
|
||||
render :xml => changeset.to_xml.to_s
|
||||
end
|
||||
|
||||
|
|
@ -265,7 +265,7 @@ class ChangesetController < ApplicationController
|
|||
end
|
||||
end
|
||||
|
||||
if (@params[:friends] || @params[:nearby]) && !@user
|
||||
if (@params[:friends] || @params[:nearby]) && !current_user
|
||||
require_user
|
||||
return
|
||||
end
|
||||
|
|
@ -277,17 +277,17 @@ class ChangesetController < ApplicationController
|
|||
changesets = conditions_nonempty(Changeset.all)
|
||||
|
||||
if @params[:display_name]
|
||||
changesets = if user.data_public? || user == @user
|
||||
changesets = if user.data_public? || user == current_user
|
||||
changesets.where(:user_id => user.id)
|
||||
else
|
||||
changesets.where("false")
|
||||
end
|
||||
elsif @params[:bbox]
|
||||
changesets = conditions_bbox(changesets, BoundingBox.from_bbox_params(params))
|
||||
elsif @params[:friends] && @user
|
||||
changesets = changesets.where(:user_id => @user.friend_users.identifiable)
|
||||
elsif @params[:nearby] && @user
|
||||
changesets = changesets.where(:user_id => @user.nearby)
|
||||
elsif @params[:friends] && current_user
|
||||
changesets = changesets.where(:user_id => current_user.friend_users.identifiable)
|
||||
elsif @params[:nearby] && current_user
|
||||
changesets = changesets.where(:user_id => current_user.nearby)
|
||||
end
|
||||
|
||||
if @params[:max_id]
|
||||
|
|
@ -324,17 +324,17 @@ class ChangesetController < ApplicationController
|
|||
# Add a comment to the changeset
|
||||
comment = changeset.comments.create(:changeset => changeset,
|
||||
:body => body,
|
||||
:author => @user)
|
||||
:author => current_user)
|
||||
|
||||
# Notify current subscribers of the new comment
|
||||
changeset.subscribers.visible.each do |user|
|
||||
if @user != user
|
||||
if current_user != user
|
||||
Notifier.changeset_comment_notification(comment, user).deliver_now
|
||||
end
|
||||
end
|
||||
|
||||
# Add the commenter to the subscribers if necessary
|
||||
changeset.subscribers << @user unless changeset.subscribers.exists?(@user.id)
|
||||
changeset.subscribers << current_user unless changeset.subscribers.exists?(current_user.id)
|
||||
|
||||
# Return a copy of the updated changeset
|
||||
render :xml => changeset.to_xml.to_s
|
||||
|
|
@ -352,10 +352,10 @@ class ChangesetController < ApplicationController
|
|||
# Find the changeset and check it is valid
|
||||
changeset = Changeset.find(id)
|
||||
raise OSM::APIChangesetNotYetClosedError.new(changeset) if changeset.is_open?
|
||||
raise OSM::APIChangesetAlreadySubscribedError.new(changeset) if changeset.subscribers.exists?(@user.id)
|
||||
raise OSM::APIChangesetAlreadySubscribedError.new(changeset) if changeset.subscribers.exists?(current_user.id)
|
||||
|
||||
# Add the subscriber
|
||||
changeset.subscribers << @user
|
||||
changeset.subscribers << current_user
|
||||
|
||||
# Return a copy of the updated changeset
|
||||
render :xml => changeset.to_xml.to_s
|
||||
|
|
@ -373,10 +373,10 @@ class ChangesetController < ApplicationController
|
|||
# Find the changeset and check it is valid
|
||||
changeset = Changeset.find(id)
|
||||
raise OSM::APIChangesetNotYetClosedError.new(changeset) if changeset.is_open?
|
||||
raise OSM::APIChangesetNotSubscribedError.new(changeset) unless changeset.subscribers.exists?(@user.id)
|
||||
raise OSM::APIChangesetNotSubscribedError.new(changeset) unless changeset.subscribers.exists?(current_user.id)
|
||||
|
||||
# Remove the subscriber
|
||||
changeset.subscribers.delete(@user)
|
||||
changeset.subscribers.delete(current_user)
|
||||
|
||||
# Return a copy of the updated changeset
|
||||
render :xml => changeset.to_xml.to_s
|
||||
|
|
@ -496,7 +496,7 @@ class ChangesetController < ApplicationController
|
|||
# changesets if they're non-public
|
||||
setup_user_auth
|
||||
|
||||
raise OSM::APINotFoundError if @user.nil? || @user.id != u.id
|
||||
raise OSM::APINotFoundError if current_user.nil? || current_user.id != u.id
|
||||
end
|
||||
|
||||
changesets.where(:user_id => u.id)
|
||||
|
|
|
|||
|
|
@ -14,27 +14,27 @@ class DiaryEntryController < ApplicationController
|
|||
|
||||
if request.post?
|
||||
@diary_entry = DiaryEntry.new(entry_params)
|
||||
@diary_entry.user = @user
|
||||
@diary_entry.user = current_user
|
||||
|
||||
if @diary_entry.save
|
||||
default_lang = @user.preferences.where(:k => "diary.default_language").first
|
||||
default_lang = current_user.preferences.where(:k => "diary.default_language").first
|
||||
if default_lang
|
||||
default_lang.v = @diary_entry.language_code
|
||||
default_lang.save!
|
||||
else
|
||||
@user.preferences.create(:k => "diary.default_language", :v => @diary_entry.language_code)
|
||||
current_user.preferences.create(:k => "diary.default_language", :v => @diary_entry.language_code)
|
||||
end
|
||||
|
||||
# Subscribe user to diary comments
|
||||
@diary_entry.subscriptions.create(:user => @user)
|
||||
@diary_entry.subscriptions.create(:user => current_user)
|
||||
|
||||
redirect_to :action => "list", :display_name => @user.display_name
|
||||
redirect_to :action => "list", :display_name => current_user.display_name
|
||||
else
|
||||
render :action => "edit"
|
||||
end
|
||||
else
|
||||
default_lang = @user.preferences.where(:k => "diary.default_language").first
|
||||
lang_code = default_lang ? default_lang.v : @user.preferred_language
|
||||
default_lang = current_user.preferences.where(:k => "diary.default_language").first
|
||||
lang_code = default_lang ? default_lang.v : current_user.preferred_language
|
||||
@diary_entry = DiaryEntry.new(entry_params.merge(:language_code => lang_code))
|
||||
set_map_location
|
||||
render :action => "edit"
|
||||
|
|
@ -45,7 +45,7 @@ class DiaryEntryController < ApplicationController
|
|||
@title = t "diary_entry.edit.title"
|
||||
@diary_entry = DiaryEntry.find(params[:id])
|
||||
|
||||
if @user != @diary_entry.user
|
||||
if current_user != @diary_entry.user
|
||||
redirect_to :action => "view", :id => params[:id]
|
||||
elsif params[:diary_entry] && @diary_entry.update_attributes(entry_params)
|
||||
redirect_to :action => "view", :id => params[:id]
|
||||
|
|
@ -59,18 +59,18 @@ class DiaryEntryController < ApplicationController
|
|||
def comment
|
||||
@entry = DiaryEntry.find(params[:id])
|
||||
@diary_comment = @entry.comments.build(comment_params)
|
||||
@diary_comment.user = @user
|
||||
@diary_comment.user = current_user
|
||||
if @diary_comment.save
|
||||
|
||||
# Notify current subscribers of the new comment
|
||||
@entry.subscribers.visible.each do |user|
|
||||
if @user != user
|
||||
if current_user != user
|
||||
Notifier.diary_comment_notification(@diary_comment, user).deliver_now
|
||||
end
|
||||
end
|
||||
|
||||
# Add the commenter to the subscribers if necessary
|
||||
@entry.subscriptions.create(:user => @user) unless @entry.subscribers.exists?(@user.id)
|
||||
@entry.subscriptions.create(:user => current_user) unless @entry.subscribers.exists?(current_user.id)
|
||||
|
||||
redirect_to :action => "view", :display_name => @entry.user.display_name, :id => @entry.id
|
||||
else
|
||||
|
|
@ -83,7 +83,7 @@ class DiaryEntryController < ApplicationController
|
|||
def subscribe
|
||||
diary_entry = DiaryEntry.find(params[:id])
|
||||
|
||||
diary_entry.subscriptions.create(:user => @user) unless diary_entry.subscribers.exists?(@user.id)
|
||||
diary_entry.subscriptions.create(:user => current_user) unless diary_entry.subscribers.exists?(current_user.id)
|
||||
|
||||
redirect_to :action => "view", :display_name => diary_entry.user.display_name, :id => diary_entry.id
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
|
|
@ -93,7 +93,7 @@ class DiaryEntryController < ApplicationController
|
|||
def unsubscribe
|
||||
diary_entry = DiaryEntry.find(params[:id])
|
||||
|
||||
diary_entry.subscriptions.where(:user => @user).delete_all if diary_entry.subscribers.exists?(@user.id)
|
||||
diary_entry.subscriptions.where(:user => current_user).delete_all if diary_entry.subscribers.exists?(current_user.id)
|
||||
|
||||
redirect_to :action => "view", :display_name => diary_entry.user.display_name, :id => diary_entry.id
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
|
|
@ -112,17 +112,17 @@ class DiaryEntryController < ApplicationController
|
|||
return
|
||||
end
|
||||
elsif params[:friends]
|
||||
if @user
|
||||
if current_user
|
||||
@title = t "diary_entry.list.title_friends"
|
||||
@entries = DiaryEntry.where(:user_id => @user.friend_users)
|
||||
@entries = DiaryEntry.where(:user_id => current_user.friend_users)
|
||||
else
|
||||
require_user
|
||||
return
|
||||
end
|
||||
elsif params[:nearby]
|
||||
if @user
|
||||
if current_user
|
||||
@title = t "diary_entry.list.title_nearby"
|
||||
@entries = DiaryEntry.where(:user_id => @user.nearby)
|
||||
@entries = DiaryEntry.where(:user_id => current_user.nearby)
|
||||
else
|
||||
require_user
|
||||
return
|
||||
|
|
@ -237,7 +237,7 @@ class DiaryEntryController < ApplicationController
|
|||
# require that the user is a administrator, or fill out a helpful error message
|
||||
# and return them to the user page.
|
||||
def require_administrator
|
||||
unless @user.administrator?
|
||||
unless current_user.administrator?
|
||||
flash[:error] = t("user.filter.not_an_administrator")
|
||||
redirect_to :action => "view"
|
||||
end
|
||||
|
|
@ -250,13 +250,13 @@ class DiaryEntryController < ApplicationController
|
|||
@lon = @diary_entry.longitude
|
||||
@lat = @diary_entry.latitude
|
||||
@zoom = 12
|
||||
elsif @user.home_lat.nil? || @user.home_lon.nil?
|
||||
elsif current_user.home_lat.nil? || current_user.home_lon.nil?
|
||||
@lon = params[:lon] || -0.1
|
||||
@lat = params[:lat] || 51.5
|
||||
@zoom = params[:zoom] || 4
|
||||
else
|
||||
@lon = @user.home_lon
|
||||
@lat = @user.home_lat
|
||||
@lon = current_user.home_lon
|
||||
@lat = current_user.home_lat
|
||||
@zoom = 12
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -14,18 +14,18 @@ class MessageController < ApplicationController
|
|||
# The display_name param is the display name of the user that the message is being sent to.
|
||||
def new
|
||||
if request.post?
|
||||
if @user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR
|
||||
if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR
|
||||
flash[:error] = t "message.new.limit_exceeded"
|
||||
else
|
||||
@message = Message.new(message_params)
|
||||
@message.to_user_id = @this_user.id
|
||||
@message.from_user_id = @user.id
|
||||
@message.from_user_id = current_user.id
|
||||
@message.sent_on = Time.now.getutc
|
||||
|
||||
if @message.save
|
||||
flash[:notice] = t "message.new.message_sent"
|
||||
Notifier.message_notification(@message).deliver_now
|
||||
redirect_to :action => "inbox", :display_name => @user.display_name
|
||||
redirect_to :action => "inbox", :display_name => current_user.display_name
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -38,7 +38,7 @@ class MessageController < ApplicationController
|
|||
def reply
|
||||
message = Message.find(params[:message_id])
|
||||
|
||||
if message.to_user_id == @user.id
|
||||
if message.to_user_id == current_user.id
|
||||
message.update(:message_read => true)
|
||||
|
||||
@message = Message.new(
|
||||
|
|
@ -51,7 +51,7 @@ class MessageController < ApplicationController
|
|||
|
||||
render :action => "new"
|
||||
else
|
||||
flash[:notice] = t "message.reply.wrong_user", :user => @user.display_name
|
||||
flash[:notice] = t "message.reply.wrong_user", :user => current_user.display_name
|
||||
redirect_to :controller => "user", :action => "login", :referer => request.fullpath
|
||||
end
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
|
|
@ -64,11 +64,11 @@ class MessageController < ApplicationController
|
|||
@title = t "message.read.title"
|
||||
@message = Message.find(params[:message_id])
|
||||
|
||||
if @message.to_user_id == @user.id || @message.from_user_id == @user.id
|
||||
@message.message_read = true if @message.to_user_id == @user.id
|
||||
if @message.to_user_id == current_user.id || @message.from_user_id == current_user.id
|
||||
@message.message_read = true if @message.to_user_id == current_user.id
|
||||
@message.save
|
||||
else
|
||||
flash[:notice] = t "message.read.wrong_user", :user => @user.display_name
|
||||
flash[:notice] = t "message.read.wrong_user", :user => current_user.display_name
|
||||
redirect_to :controller => "user", :action => "login", :referer => request.fullpath
|
||||
end
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
|
|
@ -79,24 +79,24 @@ class MessageController < ApplicationController
|
|||
# Display the list of messages that have been sent to the user.
|
||||
def inbox
|
||||
@title = t "message.inbox.title"
|
||||
if @user && params[:display_name] == @user.display_name
|
||||
if current_user && params[:display_name] == current_user.display_name
|
||||
else
|
||||
redirect_to :action => "inbox", :display_name => @user.display_name
|
||||
redirect_to :action => "inbox", :display_name => current_user.display_name
|
||||
end
|
||||
end
|
||||
|
||||
# Display the list of messages that the user has sent to other users.
|
||||
def outbox
|
||||
@title = t "message.outbox.title"
|
||||
if @user && params[:display_name] == @user.display_name
|
||||
if current_user && params[:display_name] == current_user.display_name
|
||||
else
|
||||
redirect_to :action => "outbox", :display_name => @user.display_name
|
||||
redirect_to :action => "outbox", :display_name => current_user.display_name
|
||||
end
|
||||
end
|
||||
|
||||
# Set the message as being read or unread.
|
||||
def mark
|
||||
@message = Message.where("to_user_id = ? OR from_user_id = ?", @user.id, @user.id).find(params[:message_id])
|
||||
@message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id])
|
||||
if params[:mark] == "unread"
|
||||
message_read = false
|
||||
notice = t "message.mark.as_unread"
|
||||
|
|
@ -107,7 +107,7 @@ class MessageController < ApplicationController
|
|||
@message.message_read = message_read
|
||||
if @message.save && !request.xhr?
|
||||
flash[:notice] = notice
|
||||
redirect_to :action => "inbox", :display_name => @user.display_name
|
||||
redirect_to :action => "inbox", :display_name => current_user.display_name
|
||||
end
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
@title = t "message.no_such_message.title"
|
||||
|
|
@ -116,16 +116,16 @@ class MessageController < ApplicationController
|
|||
|
||||
# Delete the message.
|
||||
def delete
|
||||
@message = Message.where("to_user_id = ? OR from_user_id = ?", @user.id, @user.id).find(params[:message_id])
|
||||
@message.from_user_visible = false if @message.sender == @user
|
||||
@message.to_user_visible = false if @message.recipient == @user
|
||||
@message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id])
|
||||
@message.from_user_visible = false if @message.sender == current_user
|
||||
@message.to_user_visible = false if @message.recipient == current_user
|
||||
if @message.save && !request.xhr?
|
||||
flash[:notice] = t "message.delete.deleted"
|
||||
|
||||
if params[:referer]
|
||||
redirect_to params[:referer]
|
||||
else
|
||||
redirect_to :action => "inbox", :display_name => @user.display_name
|
||||
redirect_to :action => "inbox", :display_name => current_user.display_name
|
||||
end
|
||||
end
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ class NodeController < ApplicationController
|
|||
node = Node.from_xml(request.raw_post, true)
|
||||
|
||||
# Assume that Node.from_xml has thrown an exception if there is an error parsing the xml
|
||||
node.create_with_history @user
|
||||
node.create_with_history current_user
|
||||
render :plain => node.id.to_s
|
||||
end
|
||||
|
||||
|
|
@ -44,7 +44,7 @@ class NodeController < ApplicationController
|
|||
raise OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})")
|
||||
end
|
||||
|
||||
node.update_from(new_node, @user)
|
||||
node.update_from(new_node, current_user)
|
||||
render :plain => node.version.to_s
|
||||
end
|
||||
|
||||
|
|
@ -58,7 +58,7 @@ class NodeController < ApplicationController
|
|||
unless new_node && new_node.id == node.id
|
||||
raise OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})")
|
||||
end
|
||||
node.delete_with_history!(new_node, @user)
|
||||
node.delete_with_history!(new_node, current_user)
|
||||
render :plain => node.version.to_s
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -160,7 +160,7 @@ class NotesController < ApplicationController
|
|||
# Find the note and check it is valid
|
||||
@note = Note.find_by(:id => id)
|
||||
raise OSM::APINotFoundError unless @note
|
||||
raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || @user.moderator?
|
||||
raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || current_user.moderator?
|
||||
raise OSM::APINoteAlreadyOpenError.new(@note) unless @note.closed? || !@note.visible?
|
||||
|
||||
# Reopen the note and add a comment
|
||||
|
|
@ -286,7 +286,7 @@ class NotesController < ApplicationController
|
|||
@page = (params[:page] || 1).to_i
|
||||
@page_size = 10
|
||||
@notes = @this_user.notes
|
||||
@notes = @notes.visible unless @user && @user.moderator?
|
||||
@notes = @notes.visible unless current_user && current_user.moderator?
|
||||
@notes = @notes.order("updated_at DESC, id").distinct.offset((@page - 1) * @page_size).limit(@page_size).preload(:comments => :author).to_a
|
||||
else
|
||||
@title = t "user.no_such_user.title"
|
||||
|
|
@ -341,8 +341,8 @@ class NotesController < ApplicationController
|
|||
def add_comment(note, text, event, notify = true)
|
||||
attributes = { :visible => true, :event => event, :body => text }
|
||||
|
||||
if @user
|
||||
attributes[:author_id] = @user.id
|
||||
if current_user
|
||||
attributes[:author_id] = current_user.id
|
||||
else
|
||||
attributes[:author_ip] = request.remote_ip
|
||||
end
|
||||
|
|
@ -350,7 +350,7 @@ class NotesController < ApplicationController
|
|||
comment = note.comments.create!(attributes)
|
||||
|
||||
note.comments.map(&:author).uniq.each do |user|
|
||||
if notify && user && user != @user && user.visible?
|
||||
if notify && user && user != current_user && user.visible?
|
||||
Notifier.note_comment_notification(comment, user).deliver_now
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ class OauthClientsController < ApplicationController
|
|||
before_action :require_user
|
||||
|
||||
def index
|
||||
@client_applications = @user.client_applications
|
||||
@tokens = @user.oauth_tokens.authorized
|
||||
@client_applications = current_user.client_applications
|
||||
@tokens = current_user.oauth_tokens.authorized
|
||||
end
|
||||
|
||||
def new
|
||||
|
|
@ -15,7 +15,7 @@ class OauthClientsController < ApplicationController
|
|||
end
|
||||
|
||||
def create
|
||||
@client_application = @user.client_applications.build(application_params)
|
||||
@client_application = current_user.client_applications.build(application_params)
|
||||
if @client_application.save
|
||||
flash[:notice] = t "oauth_clients.create.flash"
|
||||
redirect_to :action => "show", :id => @client_application.id
|
||||
|
|
@ -25,21 +25,21 @@ class OauthClientsController < ApplicationController
|
|||
end
|
||||
|
||||
def show
|
||||
@client_application = @user.client_applications.find(params[:id])
|
||||
@client_application = current_user.client_applications.find(params[:id])
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
@type = "client application"
|
||||
render :action => "not_found", :status => :not_found
|
||||
end
|
||||
|
||||
def edit
|
||||
@client_application = @user.client_applications.find(params[:id])
|
||||
@client_application = current_user.client_applications.find(params[:id])
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
@type = "client application"
|
||||
render :action => "not_found", :status => :not_found
|
||||
end
|
||||
|
||||
def update
|
||||
@client_application = @user.client_applications.find(params[:id])
|
||||
@client_application = current_user.client_applications.find(params[:id])
|
||||
if @client_application.update_attributes(application_params)
|
||||
flash[:notice] = t "oauth_clients.update.flash"
|
||||
redirect_to :action => "show", :id => @client_application.id
|
||||
|
|
@ -52,7 +52,7 @@ class OauthClientsController < ApplicationController
|
|||
end
|
||||
|
||||
def destroy
|
||||
@client_application = @user.client_applications.find(params[:id])
|
||||
@client_application = current_user.client_applications.find(params[:id])
|
||||
@client_application.destroy
|
||||
flash[:notice] = t "oauth_clients.destroy.flash"
|
||||
redirect_to :action => "index"
|
||||
|
|
|
|||
|
|
@ -70,6 +70,6 @@ class OldController < ApplicationController
|
|||
private
|
||||
|
||||
def show_redactions?
|
||||
@user && @user.moderator? && params[:show_redactions] == "true"
|
||||
current_user && current_user.moderator? && params[:show_redactions] == "true"
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ class RedactionsController < ApplicationController
|
|||
|
||||
def create
|
||||
@redaction = Redaction.new
|
||||
@redaction.user = @user
|
||||
@redaction.user = current_user
|
||||
@redaction.title = params[:redaction][:title]
|
||||
@redaction.description = params[:redaction][:description]
|
||||
# note that the description format will default to 'markdown'
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ class RelationController < ApplicationController
|
|||
relation = Relation.from_xml(request.raw_post, true)
|
||||
|
||||
# Assume that Relation.from_xml has thrown an exception if there is an error parsing the xml
|
||||
relation.create_with_history @user
|
||||
relation.create_with_history current_user
|
||||
render :plain => relation.id.to_s
|
||||
end
|
||||
|
||||
|
|
@ -39,7 +39,7 @@ class RelationController < ApplicationController
|
|||
raise OSM::APIBadUserInput.new("The id in the url (#{relation.id}) is not the same as provided in the xml (#{new_relation.id})")
|
||||
end
|
||||
|
||||
relation.update_from new_relation, @user
|
||||
relation.update_from new_relation, current_user
|
||||
render :plain => relation.version.to_s
|
||||
end
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ class RelationController < ApplicationController
|
|||
relation = Relation.find(params[:id])
|
||||
new_relation = Relation.from_xml(request.raw_post)
|
||||
if new_relation && new_relation.id == relation.id
|
||||
relation.delete_with_history!(new_relation, @user)
|
||||
relation.delete_with_history!(new_relation, current_user)
|
||||
render :plain => relation.version.to_s
|
||||
else
|
||||
head :bad_request
|
||||
|
|
|
|||
|
|
@ -92,8 +92,8 @@ class SiteController < ApplicationController
|
|||
@lat = note.lat
|
||||
@lon = note.lon
|
||||
@zoom = 17
|
||||
elsif params[:gpx] && @user
|
||||
trace = Trace.visible_to(@user).find(params[:gpx])
|
||||
elsif params[:gpx] && current_user
|
||||
trace = Trace.visible_to(current_user).find(params[:gpx])
|
||||
@lat = trace.latitude
|
||||
@lon = trace.longitude
|
||||
@zoom = 16
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ class TraceController < ApplicationController
|
|||
# set title
|
||||
@title = if target_user.nil?
|
||||
t "trace.list.public_traces"
|
||||
elsif @user && @user == target_user
|
||||
elsif current_user && current_user == target_user
|
||||
t "trace.list.your_traces"
|
||||
else
|
||||
t "trace.list.public_traces_from", :user => target_user.display_name
|
||||
|
|
@ -46,13 +46,13 @@ class TraceController < ApplicationController
|
|||
# 3 - user's traces, logged in as same user = all user's traces
|
||||
# 4 - user's traces, not logged in as that user = all user's public traces
|
||||
@traces = if target_user.nil? # all traces
|
||||
if @user
|
||||
Trace.visible_to(@user) # 1
|
||||
if current_user
|
||||
Trace.visible_to(current_user) # 1
|
||||
else
|
||||
Trace.visible_to_all # 2
|
||||
end
|
||||
elsif @user && @user == target_user
|
||||
@user.traces # 3 (check vs user id, so no join + can't pick up non-public traces by changing name)
|
||||
elsif current_user && current_user == target_user
|
||||
current_user.traces # 3 (check vs user id, so no join + can't pick up non-public traces by changing name)
|
||||
else
|
||||
target_user.traces.visible_to_all # 4
|
||||
end
|
||||
|
|
@ -86,14 +86,14 @@ class TraceController < ApplicationController
|
|||
end
|
||||
|
||||
def mine
|
||||
redirect_to :action => :list, :display_name => @user.display_name
|
||||
redirect_to :action => :list, :display_name => current_user.display_name
|
||||
end
|
||||
|
||||
def view
|
||||
@trace = Trace.find(params[:id])
|
||||
|
||||
if @trace && @trace.visible? &&
|
||||
(@trace.public? || @trace.user == @user)
|
||||
(@trace.public? || @trace.user == current_user)
|
||||
@title = t "trace.view.title", :name => @trace.name
|
||||
else
|
||||
flash[:error] = t "trace.view.trace_not_found"
|
||||
|
|
@ -119,18 +119,18 @@ class TraceController < ApplicationController
|
|||
if @trace.id
|
||||
flash[:notice] = t "trace.create.trace_uploaded"
|
||||
|
||||
if @user.traces.where(:inserted => false).count > 4
|
||||
flash[:warning] = t "trace.trace_header.traces_waiting", :count => @user.traces.where(:inserted => false).count
|
||||
if current_user.traces.where(:inserted => false).count > 4
|
||||
flash[:warning] = t "trace.trace_header.traces_waiting", :count => current_user.traces.where(:inserted => false).count
|
||||
end
|
||||
|
||||
redirect_to :action => :list, :display_name => @user.display_name
|
||||
redirect_to :action => :list, :display_name => current_user.display_name
|
||||
end
|
||||
else
|
||||
@trace = Trace.new(:name => "Dummy",
|
||||
:tagstring => params[:trace][:tagstring],
|
||||
:description => params[:trace][:description],
|
||||
:visibility => params[:trace][:visibility],
|
||||
:inserted => false, :user => @user,
|
||||
:inserted => false, :user => current_user,
|
||||
:timestamp => Time.now.getutc)
|
||||
@trace.valid?
|
||||
@trace.errors.add(:gpx_file, "can't be blank")
|
||||
|
|
@ -145,7 +145,7 @@ class TraceController < ApplicationController
|
|||
def data
|
||||
trace = Trace.find(params[:id])
|
||||
|
||||
if trace.visible? && (trace.public? || (@user && @user == trace.user))
|
||||
if trace.visible? && (trace.public? || (current_user && current_user == trace.user))
|
||||
if Acl.no_trace_download(request.remote_ip)
|
||||
head :forbidden
|
||||
elsif request.format == Mime[:xml]
|
||||
|
|
@ -167,7 +167,7 @@ class TraceController < ApplicationController
|
|||
|
||||
if !@trace.visible?
|
||||
head :not_found
|
||||
elsif @user.nil? || @trace.user != @user
|
||||
elsif current_user.nil? || @trace.user != current_user
|
||||
head :forbidden
|
||||
else
|
||||
@title = t "trace.edit.title", :name => @trace.name
|
||||
|
|
@ -177,7 +177,7 @@ class TraceController < ApplicationController
|
|||
@trace.tagstring = params[:trace][:tagstring]
|
||||
@trace.visibility = params[:trace][:visibility]
|
||||
if @trace.save
|
||||
redirect_to :action => "view", :display_name => @user.display_name
|
||||
redirect_to :action => "view", :display_name => current_user.display_name
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -190,13 +190,13 @@ class TraceController < ApplicationController
|
|||
|
||||
if !trace.visible?
|
||||
head :not_found
|
||||
elsif @user.nil? || trace.user != @user
|
||||
elsif current_user.nil? || trace.user != current_user
|
||||
head :forbidden
|
||||
else
|
||||
trace.visible = false
|
||||
trace.save
|
||||
flash[:notice] = t "trace.delete.scheduled_for_deletion"
|
||||
redirect_to :action => :list, :display_name => @user.display_name
|
||||
redirect_to :action => :list, :display_name => current_user.display_name
|
||||
end
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
head :not_found
|
||||
|
|
@ -219,7 +219,7 @@ class TraceController < ApplicationController
|
|||
trace = Trace.find(params[:id])
|
||||
|
||||
if trace.visible? && trace.inserted?
|
||||
if trace.public? || (@user && @user == trace.user)
|
||||
if trace.public? || (current_user && current_user == trace.user)
|
||||
expires_in 7.days, :private => !trace.public?, :public => trace.public?
|
||||
send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => "image/gif", :disposition => "inline")
|
||||
else
|
||||
|
|
@ -236,7 +236,7 @@ class TraceController < ApplicationController
|
|||
trace = Trace.find(params[:id])
|
||||
|
||||
if trace.visible? && trace.inserted?
|
||||
if trace.public? || (@user && @user == trace.user)
|
||||
if trace.public? || (current_user && current_user == trace.user)
|
||||
expires_in 7.days, :private => !trace.public?, :public => trace.public?
|
||||
send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => "image/gif", :disposition => "inline")
|
||||
else
|
||||
|
|
@ -252,7 +252,7 @@ class TraceController < ApplicationController
|
|||
def api_read
|
||||
trace = Trace.visible.find(params[:id])
|
||||
|
||||
if trace.public? || trace.user == @user
|
||||
if trace.public? || trace.user == current_user
|
||||
render :xml => trace.to_xml.to_s
|
||||
else
|
||||
head :forbidden
|
||||
|
|
@ -262,7 +262,7 @@ class TraceController < ApplicationController
|
|||
def api_update
|
||||
trace = Trace.visible.find(params[:id])
|
||||
|
||||
if trace.user == @user
|
||||
if trace.user == current_user
|
||||
new_trace = Trace.from_xml(request.raw_post)
|
||||
|
||||
unless new_trace && new_trace.id == trace.id
|
||||
|
|
@ -283,7 +283,7 @@ class TraceController < ApplicationController
|
|||
def api_delete
|
||||
trace = Trace.visible.find(params[:id])
|
||||
|
||||
if trace.user == @user
|
||||
if trace.user == current_user
|
||||
trace.visible = false
|
||||
trace.save!
|
||||
|
||||
|
|
@ -296,7 +296,7 @@ class TraceController < ApplicationController
|
|||
def api_data
|
||||
trace = Trace.visible.find(params[:id])
|
||||
|
||||
if trace.public? || trace.user == @user
|
||||
if trace.public? || trace.user == current_user
|
||||
if request.format == Mime[:xml]
|
||||
send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
|
||||
elsif request.format == Mime[:gpx]
|
||||
|
|
@ -357,7 +357,7 @@ class TraceController < ApplicationController
|
|||
:description => description,
|
||||
:visibility => visibility,
|
||||
:inserted => true,
|
||||
:user => @user,
|
||||
:user => current_user,
|
||||
:timestamp => Time.now.getutc
|
||||
)
|
||||
|
||||
|
|
@ -390,11 +390,11 @@ class TraceController < ApplicationController
|
|||
end
|
||||
|
||||
# Finally save the user's preferred privacy level
|
||||
if pref = @user.preferences.where(:k => "gps.trace.visibility").first
|
||||
if pref = current_user.preferences.where(:k => "gps.trace.visibility").first
|
||||
pref.v = visibility
|
||||
pref.save
|
||||
else
|
||||
@user.preferences.create(:k => "gps.trace.visibility", :v => visibility)
|
||||
current_user.preferences.create(:k => "gps.trace.visibility", :v => visibility)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -407,11 +407,11 @@ class TraceController < ApplicationController
|
|||
end
|
||||
|
||||
def default_visibility
|
||||
visibility = @user.preferences.where(:k => "gps.trace.visibility").first
|
||||
visibility = current_user.preferences.where(:k => "gps.trace.visibility").first
|
||||
|
||||
if visibility
|
||||
visibility.v
|
||||
elsif @user.preferences.where(:k => "gps.trace.public", :v => "default").first.nil?
|
||||
elsif current_user.preferences.where(:k => "gps.trace.public", :v => "default").first.nil?
|
||||
"private"
|
||||
else
|
||||
"public"
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class UserBlocksController < ApplicationController
|
|||
end
|
||||
|
||||
def show
|
||||
if @user && @user.id == @user_block.user_id
|
||||
if current_user && current_user.id == @user_block.user_id
|
||||
@user_block.needs_view = false
|
||||
@user_block.save!
|
||||
end
|
||||
|
|
@ -38,7 +38,7 @@ class UserBlocksController < ApplicationController
|
|||
if @valid_params
|
||||
@user_block = UserBlock.new(
|
||||
:user_id => @this_user.id,
|
||||
:creator_id => @user.id,
|
||||
:creator_id => current_user.id,
|
||||
:reason => params[:user_block][:reason],
|
||||
:ends_at => Time.now.getutc + @block_period.hours,
|
||||
:needs_view => params[:user_block][:needs_view]
|
||||
|
|
@ -57,7 +57,7 @@ class UserBlocksController < ApplicationController
|
|||
|
||||
def update
|
||||
if @valid_params
|
||||
if @user_block.creator_id != @user.id
|
||||
if @user_block.creator_id != current_user.id
|
||||
flash[:error] = t("user_block.update.only_creator_can_edit")
|
||||
redirect_to :action => "edit"
|
||||
elsif @user_block.update_attributes(
|
||||
|
|
@ -79,7 +79,7 @@ class UserBlocksController < ApplicationController
|
|||
# revokes the block, setting the end_time to now
|
||||
def revoke
|
||||
if params[:confirm]
|
||||
if @user_block.revoke! @user
|
||||
if @user_block.revoke! current_user
|
||||
flash[:notice] = t "user_block.revoke.flash"
|
||||
redirect_to(@user_block)
|
||||
end
|
||||
|
|
|
|||
|
|
@ -28,10 +28,10 @@ class UserController < ApplicationController
|
|||
else
|
||||
@title = t "user.terms.title"
|
||||
|
||||
if @user && @user.terms_agreed?
|
||||
if current_user && current_user.terms_agreed?
|
||||
# Already agreed to terms, so just show settings
|
||||
redirect_to :action => :account, :display_name => @user.display_name
|
||||
elsif @user.nil? && session[:new_user].nil?
|
||||
redirect_to :action => :account, :display_name => current_user.display_name
|
||||
elsif current_user.nil? && session[:new_user].nil?
|
||||
redirect_to :action => :login, :referer => request.fullpath
|
||||
end
|
||||
end
|
||||
|
|
@ -41,52 +41,52 @@ class UserController < ApplicationController
|
|||
@title = t "user.new.title"
|
||||
|
||||
if params[:decline]
|
||||
if @user
|
||||
@user.terms_seen = true
|
||||
if current_user
|
||||
current_user.terms_seen = true
|
||||
|
||||
if @user.save
|
||||
if current_user.save
|
||||
flash[:notice] = t("user.new.terms declined", :url => t("user.new.terms declined url")).html_safe
|
||||
end
|
||||
|
||||
if params[:referer]
|
||||
redirect_to params[:referer]
|
||||
else
|
||||
redirect_to :action => :account, :display_name => @user.display_name
|
||||
redirect_to :action => :account, :display_name => current_user.display_name
|
||||
end
|
||||
else
|
||||
redirect_to t("user.terms.declined")
|
||||
end
|
||||
elsif @user
|
||||
unless @user.terms_agreed?
|
||||
@user.consider_pd = params[:user][:consider_pd]
|
||||
@user.terms_agreed = Time.now.getutc
|
||||
@user.terms_seen = true
|
||||
elsif current_user
|
||||
unless current_user.terms_agreed?
|
||||
current_user.consider_pd = params[:user][:consider_pd]
|
||||
current_user.terms_agreed = Time.now.getutc
|
||||
current_user.terms_seen = true
|
||||
|
||||
flash[:notice] = t "user.new.terms accepted" if @user.save
|
||||
flash[:notice] = t "user.new.terms accepted" if current_user.save
|
||||
end
|
||||
|
||||
if params[:referer]
|
||||
redirect_to params[:referer]
|
||||
else
|
||||
redirect_to :action => :account, :display_name => @user.display_name
|
||||
redirect_to :action => :account, :display_name => current_user.display_name
|
||||
end
|
||||
else
|
||||
@user = session.delete(:new_user)
|
||||
self.current_user = session.delete(:new_user)
|
||||
|
||||
if check_signup_allowed(@user.email)
|
||||
@user.data_public = true
|
||||
@user.description = "" if @user.description.nil?
|
||||
@user.creation_ip = request.remote_ip
|
||||
@user.languages = http_accept_language.user_preferred_languages
|
||||
@user.terms_agreed = Time.now.getutc
|
||||
@user.terms_seen = true
|
||||
if check_signup_allowed(current_user.email)
|
||||
current_user.data_public = true
|
||||
current_user.description = "" if current_user.description.nil?
|
||||
current_user.creation_ip = request.remote_ip
|
||||
current_user.languages = http_accept_language.user_preferred_languages
|
||||
current_user.terms_agreed = Time.now.getutc
|
||||
current_user.terms_seen = true
|
||||
|
||||
if @user.auth_uid.blank?
|
||||
@user.auth_provider = nil
|
||||
@user.auth_uid = nil
|
||||
if current_user.auth_uid.blank?
|
||||
current_user.auth_provider = nil
|
||||
current_user.auth_uid = nil
|
||||
end
|
||||
|
||||
if @user.save
|
||||
if current_user.save
|
||||
flash[:piwik_goal] = PIWIK["goals"]["signup"] if defined?(PIWIK)
|
||||
|
||||
referer = welcome_path
|
||||
|
|
@ -103,13 +103,13 @@ class UserController < ApplicationController
|
|||
# Use default
|
||||
end
|
||||
|
||||
if @user.status == "active"
|
||||
if current_user.status == "active"
|
||||
session[:referer] = referer
|
||||
successful_login(@user)
|
||||
successful_login(current_user)
|
||||
else
|
||||
session[:token] = @user.tokens.create.token
|
||||
Notifier.signup_confirm(@user, @user.tokens.create(:referer => referer)).deliver_now
|
||||
redirect_to :action => "confirm", :display_name => @user.display_name
|
||||
session[:token] = current_user.tokens.create.token
|
||||
Notifier.signup_confirm(current_user, current_user.tokens.create(:referer => referer)).deliver_now
|
||||
redirect_to :action => "confirm", :display_name => current_user.display_name
|
||||
end
|
||||
else
|
||||
render :action => "new", :referer => params[:referer]
|
||||
|
|
@ -120,29 +120,29 @@ class UserController < ApplicationController
|
|||
|
||||
def account
|
||||
@title = t "user.account.title"
|
||||
@tokens = @user.oauth_tokens.authorized
|
||||
@tokens = current_user.oauth_tokens.authorized
|
||||
|
||||
if params[:user] && params[:user][:display_name] && params[:user][:description]
|
||||
if params[:user][:auth_provider].blank? ||
|
||||
(params[:user][:auth_provider] == @user.auth_provider &&
|
||||
params[:user][:auth_uid] == @user.auth_uid)
|
||||
update_user(@user, params)
|
||||
(params[:user][:auth_provider] == current_user.auth_provider &&
|
||||
params[:user][:auth_uid] == current_user.auth_uid)
|
||||
update_user(current_user, params)
|
||||
else
|
||||
session[:new_user_settings] = params
|
||||
redirect_to auth_url(params[:user][:auth_provider], params[:user][:auth_uid])
|
||||
end
|
||||
elsif errors = session.delete(:user_errors)
|
||||
errors.each do |attribute, error|
|
||||
@user.errors.add(attribute, error)
|
||||
current_user.errors.add(attribute, error)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def go_public
|
||||
@user.data_public = true
|
||||
@user.save
|
||||
current_user.data_public = true
|
||||
current_user.save
|
||||
flash[:notice] = t "user.go_public.flash success"
|
||||
redirect_to :action => "account", :display_name => @user.display_name
|
||||
redirect_to :action => "account", :display_name => current_user.display_name
|
||||
end
|
||||
|
||||
def lost_password
|
||||
|
|
@ -175,18 +175,18 @@ class UserController < ApplicationController
|
|||
token = UserToken.find_by(:token => params[:token])
|
||||
|
||||
if token
|
||||
@user = token.user
|
||||
self.current_user = token.user
|
||||
|
||||
if params[:user]
|
||||
@user.pass_crypt = params[:user][:pass_crypt]
|
||||
@user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
|
||||
@user.status = "active" if @user.status == "pending"
|
||||
@user.email_valid = true
|
||||
current_user.pass_crypt = params[:user][:pass_crypt]
|
||||
current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
|
||||
current_user.status = "active" if current_user.status == "pending"
|
||||
current_user.email_valid = true
|
||||
|
||||
if @user.save
|
||||
if current_user.save
|
||||
token.destroy
|
||||
flash[:notice] = t "user.reset_password.flash changed"
|
||||
successful_login(@user)
|
||||
successful_login(current_user)
|
||||
end
|
||||
end
|
||||
else
|
||||
|
|
@ -202,7 +202,7 @@ class UserController < ApplicationController
|
|||
@title = t "user.new.title"
|
||||
@referer = params[:referer] || session[:referer]
|
||||
|
||||
if @user
|
||||
if current_user
|
||||
# The user is logged in already, so don't show them the signup
|
||||
# page, instead send them to the home page
|
||||
if @referer
|
||||
|
|
@ -211,43 +211,45 @@ class UserController < ApplicationController
|
|||
redirect_to :controller => "site", :action => "index"
|
||||
end
|
||||
elsif params.key?(:auth_provider) && params.key?(:auth_uid)
|
||||
@user = User.new(:email => params[:email],
|
||||
:email_confirmation => params[:email],
|
||||
:display_name => params[:nickname],
|
||||
:auth_provider => params[:auth_provider],
|
||||
:auth_uid => params[:auth_uid])
|
||||
self.current_user = User.new(:email => params[:email],
|
||||
:email_confirmation => params[:email],
|
||||
:display_name => params[:nickname],
|
||||
:auth_provider => params[:auth_provider],
|
||||
:auth_uid => params[:auth_uid])
|
||||
|
||||
flash.now[:notice] = render_to_string :partial => "auth_association"
|
||||
else
|
||||
check_signup_allowed
|
||||
|
||||
self.current_user = User.new
|
||||
end
|
||||
end
|
||||
|
||||
def create
|
||||
@user = User.new(user_params)
|
||||
self.current_user = User.new(user_params)
|
||||
|
||||
if check_signup_allowed(@user.email)
|
||||
if check_signup_allowed(current_user.email)
|
||||
session[:referer] = params[:referer]
|
||||
|
||||
@user.status = "pending"
|
||||
current_user.status = "pending"
|
||||
|
||||
if @user.auth_provider.present? && @user.pass_crypt.empty?
|
||||
if current_user.auth_provider.present? && current_user.pass_crypt.empty?
|
||||
# We are creating an account with external authentication and
|
||||
# no password was specified so create a random one
|
||||
@user.pass_crypt = SecureRandom.base64(16)
|
||||
@user.pass_crypt_confirmation = @user.pass_crypt
|
||||
current_user.pass_crypt = SecureRandom.base64(16)
|
||||
current_user.pass_crypt_confirmation = current_user.pass_crypt
|
||||
end
|
||||
|
||||
if @user.invalid?
|
||||
if current_user.invalid?
|
||||
# Something is wrong with a new user, so rerender the form
|
||||
render :action => "new"
|
||||
elsif @user.auth_provider.present?
|
||||
elsif current_user.auth_provider.present?
|
||||
# Verify external authenticator before moving on
|
||||
session[:new_user] = @user
|
||||
redirect_to auth_url(@user.auth_provider, @user.auth_uid)
|
||||
session[:new_user] = current_user
|
||||
redirect_to auth_url(current_user.auth_provider, current_user.auth_uid)
|
||||
else
|
||||
# Save the user record
|
||||
session[:new_user] = @user
|
||||
session[:new_user] = current_user
|
||||
redirect_to :action => :terms
|
||||
end
|
||||
end
|
||||
|
|
@ -345,23 +347,23 @@ class UserController < ApplicationController
|
|||
if request.post?
|
||||
token = UserToken.find_by(:token => params[:confirm_string])
|
||||
if token && token.user.new_email?
|
||||
@user = token.user
|
||||
@user.email = @user.new_email
|
||||
@user.new_email = nil
|
||||
@user.email_valid = true
|
||||
gravatar_enabled = gravatar_enable(@user)
|
||||
if @user.save
|
||||
self.current_user = token.user
|
||||
current_user.email = current_user.new_email
|
||||
current_user.new_email = nil
|
||||
current_user.email_valid = true
|
||||
gravatar_enabled = gravatar_enable(current_user)
|
||||
if current_user.save
|
||||
flash[:notice] = if gravatar_enabled
|
||||
t("user.confirm_email.success") + " " + gravatar_status_message(@user)
|
||||
t("user.confirm_email.success") + " " + gravatar_status_message(current_user)
|
||||
else
|
||||
t("user.confirm_email.success")
|
||||
end
|
||||
else
|
||||
flash[:errors] = @user.errors
|
||||
flash[:errors] = current_user.errors
|
||||
end
|
||||
token.destroy
|
||||
session[:user] = @user.id
|
||||
redirect_to :action => "account", :display_name => @user.display_name
|
||||
session[:user] = current_user.id
|
||||
redirect_to :action => "account", :display_name => current_user.display_name
|
||||
elsif token
|
||||
flash[:error] = t "user.confirm_email.failure"
|
||||
redirect_to :action => "account", :display_name => token.user.display_name
|
||||
|
|
@ -380,13 +382,13 @@ class UserController < ApplicationController
|
|||
end
|
||||
|
||||
def api_details
|
||||
@this_user = @user
|
||||
@this_user = current_user
|
||||
render :action => :api_read, :content_type => "text/xml"
|
||||
end
|
||||
|
||||
def api_gpx_files
|
||||
doc = OSM::API.new.get_xml_doc
|
||||
@user.traces.reload.each do |trace|
|
||||
current_user.traces.reload.each do |trace|
|
||||
doc.root << trace.to_xml_node
|
||||
end
|
||||
render :xml => doc.to_s
|
||||
|
|
@ -396,7 +398,7 @@ class UserController < ApplicationController
|
|||
@this_user = User.find_by(:display_name => params[:display_name])
|
||||
|
||||
if @this_user &&
|
||||
(@this_user.visible? || (@user && @user.administrator?))
|
||||
(@this_user.visible? || (current_user && current_user.administrator?))
|
||||
@title = @this_user.display_name
|
||||
else
|
||||
render_unknown_user params[:display_name]
|
||||
|
|
@ -409,9 +411,9 @@ class UserController < ApplicationController
|
|||
if @new_friend
|
||||
if request.post?
|
||||
friend = Friend.new
|
||||
friend.user_id = @user.id
|
||||
friend.user_id = current_user.id
|
||||
friend.friend_user_id = @new_friend.id
|
||||
if @user.is_friends_with?(@new_friend)
|
||||
if current_user.is_friends_with?(@new_friend)
|
||||
flash[:warning] = t "user.make_friend.already_a_friend", :name => @new_friend.display_name
|
||||
elsif friend.save
|
||||
flash[:notice] = t "user.make_friend.success", :name => @new_friend.display_name
|
||||
|
|
@ -436,8 +438,8 @@ class UserController < ApplicationController
|
|||
|
||||
if @friend
|
||||
if request.post?
|
||||
if @user.is_friends_with?(@friend)
|
||||
Friend.where(:user_id => @user.id, :friend_user_id => @friend.id).delete_all
|
||||
if current_user.is_friends_with?(@friend)
|
||||
Friend.where(:user_id => current_user.id, :friend_user_id => @friend.id).delete_all
|
||||
flash[:notice] = t "user.remove_friend.success", :name => @friend.display_name
|
||||
else
|
||||
flash[:error] = t "user.remove_friend.not_a_friend", :name => @friend.display_name
|
||||
|
|
@ -514,14 +516,14 @@ class UserController < ApplicationController
|
|||
end
|
||||
|
||||
if settings = session.delete(:new_user_settings)
|
||||
@user.auth_provider = provider
|
||||
@user.auth_uid = uid
|
||||
current_user.auth_provider = provider
|
||||
current_user.auth_uid = uid
|
||||
|
||||
update_user(@user, settings)
|
||||
update_user(current_user, settings)
|
||||
|
||||
session[:user_errors] = @user.errors.as_json
|
||||
session[:user_errors] = current_user.errors.as_json
|
||||
|
||||
redirect_to :action => "account", :display_name => @user.display_name
|
||||
redirect_to :action => "account", :display_name => current_user.display_name
|
||||
elsif session[:new_user]
|
||||
session[:new_user].auth_provider = provider
|
||||
session[:new_user].auth_uid = uid
|
||||
|
|
@ -547,7 +549,7 @@ class UserController < ApplicationController
|
|||
when "active", "confirmed" then
|
||||
successful_login(user, request.env["omniauth.params"]["referer"])
|
||||
when "suspended" then
|
||||
failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}")
|
||||
failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}").html_safe
|
||||
else
|
||||
failed_login t("user.login.auth failure")
|
||||
end
|
||||
|
|
@ -575,7 +577,7 @@ class UserController < ApplicationController
|
|||
elsif user = User.authenticate(:username => username, :password => password, :pending => true)
|
||||
unconfirmed_login(user)
|
||||
elsif User.authenticate(:username => username, :password => password, :suspended => true)
|
||||
failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}"), username
|
||||
failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}").html_safe, username
|
||||
else
|
||||
failed_login t("user.login.auth failure"), username
|
||||
end
|
||||
|
|
@ -725,8 +727,8 @@ class UserController < ApplicationController
|
|||
# Ignore errors sending email
|
||||
end
|
||||
else
|
||||
@user.errors.add(:new_email, @user.errors[:email])
|
||||
@user.errors.add(:email, [])
|
||||
current_user.errors.add(:new_email, current_user.errors[:email])
|
||||
current_user.errors.add(:email, [])
|
||||
end
|
||||
|
||||
user.restore_email!
|
||||
|
|
@ -738,7 +740,7 @@ class UserController < ApplicationController
|
|||
# require that the user is a administrator, or fill out a helpful error message
|
||||
# and return them to the user page.
|
||||
def require_administrator
|
||||
if @user && !@user.administrator?
|
||||
if current_user && !current_user.administrator?
|
||||
flash[:error] = t("user.filter.not_an_administrator")
|
||||
|
||||
if params[:display_name]
|
||||
|
|
@ -746,7 +748,7 @@ class UserController < ApplicationController
|
|||
else
|
||||
redirect_to :action => "login", :referer => request.fullpath
|
||||
end
|
||||
elsif !@user
|
||||
elsif !current_user
|
||||
redirect_to :action => "login", :referer => request.fullpath
|
||||
end
|
||||
end
|
||||
|
|
@ -754,7 +756,7 @@ class UserController < ApplicationController
|
|||
##
|
||||
# require that the user in the URL is the logged in user
|
||||
def require_self
|
||||
head :forbidden if params[:display_name] != @user.display_name
|
||||
head :forbidden if params[:display_name] != current_user.display_name
|
||||
end
|
||||
|
||||
##
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ class UserPreferenceController < ApplicationController
|
|||
def read
|
||||
doc = OSM::API.new.get_xml_doc
|
||||
|
||||
prefs = @user.preferences
|
||||
prefs = current_user.preferences
|
||||
|
||||
el1 = XML::Node.new "preferences"
|
||||
|
||||
|
|
@ -26,14 +26,14 @@ class UserPreferenceController < ApplicationController
|
|||
##
|
||||
# return the value for a single preference
|
||||
def read_one
|
||||
pref = UserPreference.find([@user.id, params[:preference_key]])
|
||||
pref = UserPreference.find([current_user.id, params[:preference_key]])
|
||||
|
||||
render :plain => pref.v.to_s
|
||||
end
|
||||
|
||||
# update the entire set of preferences
|
||||
def update
|
||||
old_preferences = @user.preferences.each_with_object({}) do |preference, preferences|
|
||||
old_preferences = current_user.preferences.each_with_object({}) do |preference, preferences|
|
||||
preferences[preference.k] = preference
|
||||
end
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ class UserPreferenceController < ApplicationController
|
|||
elsif new_preferences.include?(pt["k"])
|
||||
raise OSM::APIDuplicatePreferenceError.new(pt["k"])
|
||||
else
|
||||
preference = @user.preferences.build(:k => pt["k"], :v => pt["v"])
|
||||
preference = current_user.preferences.build(:k => pt["k"], :v => pt["v"])
|
||||
end
|
||||
|
||||
new_preferences[preference.k] = preference
|
||||
|
|
@ -64,10 +64,10 @@ class UserPreferenceController < ApplicationController
|
|||
# update the value of a single preference
|
||||
def update_one
|
||||
begin
|
||||
pref = UserPreference.find([@user.id, params[:preference_key]])
|
||||
pref = UserPreference.find([current_user.id, params[:preference_key]])
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
pref = UserPreference.new
|
||||
pref.user = @user
|
||||
pref.user = current_user
|
||||
pref.k = params[:preference_key]
|
||||
end
|
||||
|
||||
|
|
@ -80,7 +80,7 @@ class UserPreferenceController < ApplicationController
|
|||
##
|
||||
# delete a single preference
|
||||
def delete_one
|
||||
UserPreference.find([@user.id, params[:preference_key]]).delete
|
||||
UserPreference.find([current_user.id, params[:preference_key]]).delete
|
||||
|
||||
render :plain => ""
|
||||
end
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ class UserRolesController < ApplicationController
|
|||
before_action :in_role, :only => [:revoke]
|
||||
|
||||
def grant
|
||||
@this_user.roles.create(:role => @role, :granter_id => @user.id)
|
||||
@this_user.roles.create(:role => @role, :granter_id => current_user.id)
|
||||
redirect_to :controller => "user", :action => "view", :display_name => @this_user.display_name
|
||||
end
|
||||
|
||||
|
|
@ -25,7 +25,7 @@ class UserRolesController < ApplicationController
|
|||
# require that the user is an administrator, or fill out a helpful error message
|
||||
# and return them to theuser page.
|
||||
def require_administrator
|
||||
unless @user.administrator?
|
||||
unless current_user.administrator?
|
||||
flash[:error] = t "user_role.filter.not_an_administrator"
|
||||
redirect_to :controller => "user", :action => "view", :display_name => @this_user.display_name
|
||||
end
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ class WayController < ApplicationController
|
|||
way = Way.from_xml(request.raw_post, true)
|
||||
|
||||
# Assume that Way.from_xml has thrown an exception if there is an error parsing the xml
|
||||
way.create_with_history @user
|
||||
way.create_with_history current_user
|
||||
render :plain => way.id.to_s
|
||||
end
|
||||
|
||||
|
|
@ -39,7 +39,7 @@ class WayController < ApplicationController
|
|||
raise OSM::APIBadUserInput.new("The id in the url (#{way.id}) is not the same as provided in the xml (#{new_way.id})")
|
||||
end
|
||||
|
||||
way.update_from(new_way, @user)
|
||||
way.update_from(new_way, current_user)
|
||||
render :plain => way.version.to_s
|
||||
end
|
||||
|
||||
|
|
@ -49,7 +49,7 @@ class WayController < ApplicationController
|
|||
new_way = Way.from_xml(request.raw_post)
|
||||
|
||||
if new_way && new_way.id == way.id
|
||||
way.delete_with_history!(new_way, @user)
|
||||
way.delete_with_history!(new_way, current_user)
|
||||
render :plain => way.version.to_s
|
||||
else
|
||||
head :bad_request
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue