Phase 2 CTs implementation and tests, with config parameter

[rails.git] / app / controllers / application_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bc71f275f1e8607d25826963df89f2fe0ba5b9a9..a22bc13edd9500a804fb7d2e467e70534078f87c 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -104,6 +104,14 @@ class ApplicationController < ActionController::Base
       # NOTE: need slightly more helpful message than this.
       render :text => t('application.setup_user_auth.blocked'), :status => :forbidden
     end
+    # if the user hasn't seen the contributor terms then don't
+    # allow editing - they have to go to the web site and see
+    # (but can decline) the CTs to continue.
+    if REQUIRE_TERMS_SEEN
+      unless @user.nil? or @user.terms_seen
+        render :text => t('application.setup_user_auth.need_to_see_terms'), :status => :forbidden
+      end
+    end
   end
 
   def authorize(realm='Web Password', errormessage="Couldn't authenticate you")