protect_from_forgery
+ before_filter :fetch_body
+
if STATUS == :database_readonly or STATUS == :database_offline
def self.cache_sweeper(*sweepers)
end
end
end
+ def require_oauth
+ @oauth = @user.access_token(OAUTH_KEY) if @user and defined? OAUTH_KEY
+ end
+
##
# requires the user to be logged in by the token or HTTP methods, or have an
# OAuth token with the right capability. this method is a bit of a pain to call
def require_allow_write_gpx
require_capability(:allow_write_gpx)
end
+ def require_allow_write_notes
+ require_capability(:allow_write_notes)
+ end
##
# require that the user is a moderator, or fill out a helpful error message
- # and return them to the blocks index.
+ # and return them to the index for the controller this is wrapped from.
def require_moderator
unless @user.moderator?
if request.get?
# have we identified the user?
if @user
# check if the user has been banned
- if not @user.active_blocks.empty?
+ if @user.blocks.active.exists?
# NOTE: need slightly more helpful message than this.
report_error t('application.setup_user_auth.blocked'), :forbidden
end
# to be used as a before_filter *after* authorize. this checks that
# the user is a moderator and, if not, returns a forbidden error.
#
+ # NOTE: this isn't a very good way of doing it - it duplicates logic
+ # from require_moderator - but what we really need to do is a fairly
+ # drastic refactoring based on :format and respond_to? but not a
+ # good idea to do that in this branch.
def authorize_moderator(errormessage="Access restricted to moderators")
# check user is a moderator
unless @user.moderator?
end
def check_api_readable
- if STATUS == :database_offline or STATUS == :api_offline
+ if api_status == :offline
report_error "Database offline for maintenance", :service_unavailable
return false
end
end
def check_api_writable
- if STATUS == :database_offline or STATUS == :database_readonly or
- STATUS == :api_offline or STATUS == :api_readonly
+ unless api_status == :online
report_error "Database offline for maintenance", :service_unavailable
return false
end
end
+ def database_status
+ if STATUS == :database_offline
+ :offline
+ elsif STATUS == :database_readonly
+ :readonly
+ else
+ :online
+ end
+ end
+
+ def api_status
+ status = database_status
+ if status == :online
+ if STATUS == :api_offline
+ status = :offline
+ elsif STATUS == :api_readonly
+ status = :readonly
+ end
+ end
+ return status
+ end
+
+ def gpx_status
+ status = database_status
+ if status == :online
+ status = :offline if STATUS == :gpx_offline
+ end
+ return status
+ end
+
def require_public_data
unless @user.data_public?
report_error "You must make your edits public to upload new data", :forbidden
render :text => result.to_s, :content_type => "text/xml"
else
- render :text => message, :status => status
+ render :text => message, :status => status, :content_type => "text/plain"
end
end
def set_locale
response.header['Vary'] = 'Accept-Language'
- if @user
- if !@user.languages.empty?
- request.user_preferred_languages = @user.languages
- response.header['Vary'] = '*'
- elsif !request.user_preferred_languages.empty?
- @user.languages = request.user_preferred_languages
- @user.save
- end
+ if @user && !@user.languages.empty?
+ request.user_preferred_languages = @user.languages
+ response.header['Vary'] = '*'
+ end
+
+ I18n.locale = select_locale
+
+ if @user && @user.languages.empty? && !request.user_preferred_languages.empty?
+ @user.languages = request.user_preferred_languages
+ @user.save
+ end
+
+ response.headers['Content-Language'] = I18n.locale.to_s
+ end
+
+ def select_locale(locales = I18n.available_locales)
+ if params[:locale]
+ request.user_preferred_languages = [ params[:locale] ]
end
- if request.compatible_language_from(I18n.available_locales).nil?
+ if request.compatible_language_from(locales).nil?
request.user_preferred_languages = request.user_preferred_languages.collect do |pl|
pls = [ pl ]
while pl.match(/^(.*)-[^-]+$/)
- pls.push($1) if I18n.available_locales.include?($1.to_sym)
+ pls.push($1) if locales.include?($1) or locales.include?($1.to_sym)
pl = $1
end
pls
end.flatten
-
- if @user and not request.compatible_language_from(I18n.available_locales).nil?
- @user.languages = request.user_preferred_languages
- @user.save
- end
end
- I18n.locale = request.compatible_language_from(I18n.available_locales) || I18n.default_locale
-
- response.headers['Content-Language'] = I18n.locale.to_s
+ request.compatible_language_from(locales) || I18n.default_locale
end
+ helper_method :select_locale
+
def api_call_handle_error
begin
yield
@title = t "user.no_such_user.title"
@not_found_user = name
- render :template => "user/no_such_user", :status => :not_found
+ respond_to do |format|
+ format.html { render :template => "user/no_such_user", :status => :not_found }
+ format.all { render :nothing => true, :status => :not_found }
+ end
end
-
+
+ ##
+ # Unfortunately if a PUT or POST request that has a body fails to
+ # read it then Apache will sometimes fail to return the response it
+ # is given to the client properly, instead erroring:
+ #
+ # https://issues.apache.org/bugzilla/show_bug.cgi?id=44782
+ #
+ # To work round this we call rewind on the body here, which is added
+ # as a filter, to force it to be fetched from Apache into a file.
+ def fetch_body
+ request.body.rewind
+ end
+
private
# extract authorisation credentials from headers, returns user = nil if none