Split browse_helper.rb into two modules due to rubocop ModuleLength

[rails.git] / app / controllers / application_controller.rb
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb

index 0d43393fd4ff6334c0ed0c929c773d5565dd0333..7f9ab6ead6ae889209c4b41fd8df271799ce1c0b 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -24,7 +24,7 @@ class ApplicationController < ActionController::Base
        # don't allow access to any auth-requiring part of the site unless
        # the new CTs have been seen (and accept/decline chosen).
        elsif !current_user.terms_seen && flash[:skip_terms].nil?
        # don't allow access to any auth-requiring part of the site unless
        # the new CTs have been seen (and accept/decline chosen).
        elsif !current_user.terms_seen && flash[:skip_terms].nil?
-        flash[:notice] = t "user.terms.you need to accept or decline"
+        flash[:notice] = t "users.terms.you need to accept or decline"
          if params[:referer]
            redirect_to :controller => "users", :action => "terms", :referer => params[:referer]
          else
          if params[:referer]
            redirect_to :controller => "users", :action => "terms", :referer => params[:referer]
          else
@@ -414,9 +414,9 @@ class ApplicationController < ActionController::Base
      append_content_security_policy_directives(
        :child_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
        :frame_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
      append_content_security_policy_directives(
        :child_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
        :frame_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
-      :connect_src => %w[nominatim.openstreetmap.org overpass-api.de router.project-osrm.org graphhopper.com],
+      :connect_src => [NOMINATIM_URL, OVERPASS_URL, OSRM_URL, GRAPHHOPPER_URL],
        :form_action => %w[render.openstreetmap.org],
        :form_action => %w[render.openstreetmap.org],
-      :script_src => %w[open.mapquestapi.com],
+      :script_src => [MAPQUEST_DIRECTIONS_URL],
        :img_src => %w[developer.mapquest.com]
      )
  
        :img_src => %w[developer.mapquest.com]
      )
  
@@ -469,19 +469,31 @@ class ApplicationController < ActionController::Base
    end
  
    def current_ability
    end
  
    def current_ability
-    Ability.new(current_user).merge(granted_capability)
-  end
-
-  def granted_capability
-    Capability.new(current_user, current_token)
+    # Add in capabilities from the oauth token if it exists and is a valid access token
+    if Authenticator.new(self, [:token]).allow?
+      Ability.new(current_user).merge(Capability.new(current_token))
+    else
+      Ability.new(current_user)
+    end
    end
  
    def deny_access(_exception)
    end
  
    def deny_access(_exception)
-    if current_user
+    if current_token
        set_locale
        report_error t("oauth.permissions.missing"), :forbidden
        set_locale
        report_error t("oauth.permissions.missing"), :forbidden
+    elsif current_user
+      set_locale
+      respond_to do |format|
+        format.html { redirect_to :controller => "errors", :action => "forbidden" }
+        format.any { report_error t("application.permission_denied"), :forbidden }
+      end
+    elsif request.get?
+      respond_to do |format|
+        format.html { redirect_to :controller => "users", :action => "login", :referer => request.fullpath }
+        format.any { head :forbidden }
+      end
      else
      else
-      require_user
+      head :forbidden
      end
    end
  
      end
    end