Use resourceful routes for terms view/accept/decline

[rails.git] / app / controllers / application_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8290a027eecce8270e3e1241de40980977ead5dd..25c430f1c0290d02b01a89a412d6eb1fc68aae05 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -20,8 +20,8 @@ class ApplicationController < ActionController::Base
   helper_method :oauth_token
 
   def self.allow_thirdparty_images(**options)
-    content_security_policy(options) do |policy|
-      policy.img_src("*")
+    content_security_policy(**options) do |policy|
+      policy.img_src("*", :data)
     end
   end
 
@@ -56,11 +56,11 @@ class ApplicationController < ActionController::Base
       # don't allow access to any auth-requiring part of the site unless
       # the new CTs have been seen (and accept/decline chosen).
       elsif !current_user.terms_seen && flash[:skip_terms].nil?
-        flash[:notice] = t "users.terms.you need to accept or decline"
+        flash[:notice] = t "accounts.terms.show.you need to accept or decline"
         if params[:referer]
-          redirect_to :controller => "users", :action => "terms", :referer => params[:referer]
+          redirect_to account_terms_path(:referer => params[:referer])
         else
-          redirect_to :controller => "users", :action => "terms", :referer => request.fullpath
+          redirect_to account_terms_path(:referer => request.fullpath)
         end
       end
     end
@@ -215,23 +215,26 @@ class ApplicationController < ActionController::Base
 
   ##
   # wrap a web page in a timeout
-  def web_timeout(&block)
+  def web_timeout(&)
     raise Timeout::Error if Settings.web_timeout.negative?
 
-    Timeout.timeout(Settings.web_timeout, &block)
+    Timeout.timeout(Settings.web_timeout, &)
   rescue ActionView::Template::Error => e
     e = e.cause
 
     if e.is_a?(Timeout::Error) ||
        (e.is_a?(ActiveRecord::StatementInvalid) && e.message.include?("execution expired"))
-      ActiveRecord::Base.connection.raw_connection.cancel
-      render :action => "timeout"
+      respond_to_timeout
     else
       raise
     end
   rescue Timeout::Error
+    respond_to_timeout
+  end
+
+  def respond_to_timeout
     ActiveRecord::Base.connection.raw_connection.cancel
-    render :action => "timeout"
+    render :action => "timeout", :status => :gateway_timeout
   end
 
   ##
@@ -250,9 +253,7 @@ class ApplicationController < ActionController::Base
   def map_layout
     policy = request.content_security_policy.clone
 
-    policy.child_src(*policy.child_src, "http://127.0.0.1:8111", "https://127.0.0.1:8112")
-    policy.frame_src(*policy.frame_src, "http://127.0.0.1:8111", "https://127.0.0.1:8112")
-    policy.connect_src(*policy.connect_src, Settings.nominatim_url, Settings.overpass_url, Settings.fossgis_osrm_url, Settings.graphhopper_url, Settings.fossgis_valhalla_url)
+    policy.connect_src(*policy.connect_src, "http://127.0.0.1:8111", Settings.nominatim_url, Settings.overpass_url, Settings.fossgis_osrm_url, Settings.graphhopper_url, Settings.fossgis_valhalla_url)
     policy.form_action(*policy.form_action, "render.openstreetmap.org")
     policy.style_src(*policy.style_src, :unsafe_inline)
 
@@ -278,7 +279,15 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  helper_method :preferred_editor
+  def preferred_color_scheme(subject)
+    if current_user
+      current_user.preferences.find_by(:k => "#{subject}.color_scheme")&.v || "auto"
+    else
+      "auto"
+    end
+  end
+
+  helper_method :preferred_editor, :preferred_color_scheme
 
   def update_totp
     if Settings.key?(:totp_key)