+ ##
+ # requires the user to be logged in by the token or HTTP methods, or have an
+ # OAuth token with the right capability. this method is a bit of a pain to call
+ # directly, since it's cumbersome to call filters with arguments in rails. to
+ # make it easier to read and write the code, there are some utility methods
+ # below.
+ def require_capability(cap)
+ # when the current token is nil, it means the user logged in with a different
+ # method, otherwise an OAuth token was used, which has to be checked.
+ unless current_token.nil?
+ unless current_token.read_attribute(cap)
+ report_error "OAuth token doesn't have that capability.", :forbidden
+ return false
+ end
+ end
+ end
+
+ ##
+ # require the user to have cookies enabled in their browser
+ def require_cookies
+ if request.cookies["_osm_session"].to_s == ""
+ if params[:cookie_test].nil?
+ session[:cookie_test] = true
+ redirect_to params.merge(:cookie_test => "true")
+ return false
+ else
+ flash.now[:warning] = t 'application.require_cookies.cookies_needed'
+ end
+ else
+ session.delete(:cookie_test)
+ end
+ end
+
+ # Utility methods to make the controller filter methods easier to read and write.
+ def require_allow_read_prefs
+ require_capability(:allow_read_prefs)
+ end
+ def require_allow_write_prefs
+ require_capability(:allow_write_prefs)
+ end
+ def require_allow_write_diary
+ require_capability(:allow_write_diary)
+ end
+ def require_allow_write_api
+ require_capability(:allow_write_api)
+
+ if REQUIRE_TERMS_AGREED and @user.terms_agreed.nil?
+ report_error "You must accept the contributor terms before you can edit.", :forbidden
+ return false
+ end
+ end
+ def require_allow_read_gpx
+ require_capability(:allow_read_gpx)
+ end
+ def require_allow_write_gpx
+ require_capability(:allow_write_gpx)
+ end
+