]> git.openstreetmap.org Git - rails.git/blob - app/controllers/user_blocks_controller.rb
Allow form submission to any location from the login page
[rails.git] / app / controllers / user_blocks_controller.rb
1 class UserBlocksController < ApplicationController
2   layout "site"
3
4   before_action :authorize_web
5   before_action :set_locale
6
7   authorize_resource
8
9   before_action :lookup_user, :only => [:new, :create, :blocks_on, :blocks_by]
10   before_action :lookup_user_block, :only => [:show, :edit, :update, :revoke]
11   before_action :require_valid_params, :only => [:create, :update]
12   before_action :check_database_readable
13   before_action :check_database_writable, :only => [:create, :update, :revoke]
14
15   def index
16     @params = params.permit
17     @user_blocks_pages, @user_blocks = paginate(:user_blocks,
18                                                 :include => [:user, :creator, :revoker],
19                                                 :order => "user_blocks.ends_at DESC",
20                                                 :per_page => 20)
21   end
22
23   def show
24     if current_user && current_user == @user_block.user
25       @user_block.needs_view = false
26       @user_block.save!
27     end
28   end
29
30   def new
31     @user_block = UserBlock.new
32   end
33
34   def edit
35     params[:user_block_period] = ((@user_block.ends_at - Time.now.getutc) / 1.hour).ceil.to_s
36   end
37
38   def create
39     if @valid_params
40       @user_block = UserBlock.new(
41         :user => @user,
42         :creator => current_user,
43         :reason => params[:user_block][:reason],
44         :ends_at => Time.now.getutc + @block_period.hours,
45         :needs_view => params[:user_block][:needs_view]
46       )
47
48       if @user_block.save
49         flash[:notice] = t(".flash", :name => @user.display_name)
50         redirect_to @user_block
51       else
52         render :action => "new"
53       end
54     else
55       redirect_to new_user_block_path(:display_name => params[:display_name])
56     end
57   end
58
59   def update
60     if @valid_params
61       if @user_block.creator != current_user
62         flash[:error] = t(".only_creator_can_edit")
63         redirect_to :action => "edit"
64       elsif @user_block.update(
65         :ends_at => Time.now.getutc + @block_period.hours,
66         :reason => params[:user_block][:reason],
67         :needs_view => params[:user_block][:needs_view]
68       )
69         flash[:notice] = t(".success")
70         redirect_to(@user_block)
71       else
72         render :action => "edit"
73       end
74     else
75       redirect_to edit_user_block_path(:id => params[:id])
76     end
77   end
78
79   ##
80   # revokes the block, setting the end_time to now
81   def revoke
82     if request.post? && params[:confirm] && @user_block.revoke!(current_user)
83       flash[:notice] = t ".flash"
84       redirect_to(@user_block)
85     end
86   end
87
88   ##
89   # shows a list of all the blocks on the given user
90   def blocks_on
91     @params = params.permit(:display_name)
92     @user_blocks_pages, @user_blocks = paginate(:user_blocks,
93                                                 :include => [:user, :creator, :revoker],
94                                                 :conditions => { :user_id => @user.id },
95                                                 :order => "user_blocks.ends_at DESC",
96                                                 :per_page => 20)
97   end
98
99   ##
100   # shows a list of all the blocks by the given user.
101   def blocks_by
102     @params = params.permit(:display_name)
103     @user_blocks_pages, @user_blocks = paginate(:user_blocks,
104                                                 :include => [:user, :creator, :revoker],
105                                                 :conditions => { :creator_id => @user.id },
106                                                 :order => "user_blocks.ends_at DESC",
107                                                 :per_page => 20)
108   end
109
110   private
111
112   ##
113   # ensure that there is a "user_block" instance variable
114   def lookup_user_block
115     @user_block = UserBlock.find(params[:id])
116   rescue ActiveRecord::RecordNotFound
117     render :action => "not_found", :status => :not_found
118   end
119
120   ##
121   # check that the input parameters are valid, setting an instance
122   # variable if not. note that this doesn't do any redirection, as it's
123   # called before two different actions, each of which should redirect
124   # to a different place.
125   def require_valid_params
126     @block_period = params[:user_block_period].to_i
127     @valid_params = false
128
129     if UserBlock::PERIODS.exclude?(@block_period)
130       flash[:error] = t("user_blocks.filter.block_period")
131
132     elsif @user_block && !@user_block.active?
133       flash[:error] = t("user_blocks.filter.block_expired")
134
135     else
136       @valid_params = true
137     end
138   end
139 end