Implement the cancan filters for diary entries

[rails.git] / app / controllers / user_controller.rb

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 54e2fa9c0bff45d3dffafba422bd74e81b77064e..d853d4822979b6ab956a166cd6946c12f5f7e752 100644 (file)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -1,6 +1,8 @@
 class UserController < ApplicationController
   layout "site", :except => [:api_details]
 
+  skip_authorization_check :only => [:login, :logout]
+
   skip_before_action :verify_authenticity_token, :only => [:api_read, :api_details, :api_gpx_files, :auth_success]
   before_action :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details]
   before_action :authorize, :only => [:api_details, :api_gpx_files]
@@ -118,7 +120,6 @@ class UserController < ApplicationController
   end
 
   def account
-    @title = t "user.account.title"
     @tokens = current_user.oauth_tokens.authorized
 
     if params[:user] && params[:user][:display_name] && params[:user][:description]
@@ -135,6 +136,7 @@ class UserController < ApplicationController
         current_user.errors.add(attribute, error)
       end
     end
+    @title = t "user.account.title"
   end
 
   def go_public
@@ -712,7 +714,7 @@ class UserController < ApplicationController
     end
 
     if user.save
-      set_locale
+      set_locale(true)
 
       if user.new_email.blank? || user.new_email == user.email
         flash.now[:notice] = t "user.account.flash update success"