class ApplicationController < ActionController::Base
+ include SessionPersistence
protect_from_forgery
end
def require_user
- redirect_to :controller => 'user', :action => 'login', :referer => request.fullpath unless @user
+ unless @user
+ if request.get?
+ redirect_to :controller => 'user', :action => 'login', :referer => request.fullpath
+ else
+ render :nothing => true, :status => :forbidden
+ end
+ end
end
##
report_error message, :bad_request
rescue OSM::APIError => ex
report_error ex.message, ex.status
- rescue ActionController::UnknownAction => ex
+ rescue AbstractController::ActionNotFound => ex
raise
rescue Exception => ex
logger.info("API threw unexpected #{ex.class} exception: #{ex.message}")
end)
options[:cache_path] = Proc.new do |controller|
- cache_path.merge(controller.params).merge(:locale => I18n.locale)
+ cache_path.merge(controller.params).merge(:host => SERVER_URL, :locale => I18n.locale)
end
actions.push(options)
# extend expire_action to expire all variants
def expire_action(options = {})
I18n.available_locales.each do |locale|
- super options.merge(:locale => locale)
+ super options.merge(:host => SERVER_URL, :locale => locale)
end
end
!@user.nil?
end
+ ##
+ # ensure that there is a "this_user" instance variable
+ def lookup_this_user
+ unless @this_user = User.active.find_by_display_name(params[:display_name])
+ render_unknown_user params[:display_name]
+ end
+ end
+
+ ##
+ # render a "no such user" page
+ def render_unknown_user(name)
+ @title = t "user.no_such_user.title"
+ @not_found_user = name
+
+ render :template => "user/no_such_user", :status => :not_found
+ end
+
private
# extract authorisation credentials from headers, returns user = nil if none