- layout 'site', :except => :api_details
-
- before_filter :authorize, :only => [:api_details, :api_gpx_files]
- before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
- before_filter :set_locale, :except => [:api_details, :api_gpx_files]
- before_filter :require_user, :only => [:account, :go_public, :make_friend, :remove_friend]
- before_filter :check_database_readable, :except => [:api_details, :api_gpx_files]
- before_filter :check_database_writable, :only => [:login, :new, :account, :go_public, :make_friend, :remove_friend]
- before_filter :check_api_readable, :only => [:api_details, :api_gpx_files]
- before_filter :require_allow_read_prefs, :only => [:api_details]
- before_filter :require_allow_read_gpx, :only => [:api_gpx_files]
- before_filter :require_cookies, :only => [:login, :confirm]
- before_filter :require_administrator, :only => [:activate, :deactivate, :hide, :unhide, :delete]
- before_filter :lookup_this_user, :only => [:activate, :deactivate, :hide, :unhide, :delete]
-
- filter_parameter_logging :password, :pass_crypt, :pass_crypt_confirmation
-
- cache_sweeper :user_sweeper, :only => [:account, :hide, :unhide, :delete]
-
- def save
- @title = t 'user.new.title'
-
- if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"})
- render :action => 'new'
+ layout "site", :except => [:api_details]
+
+ skip_before_action :verify_authenticity_token, :only => [:api_read, :api_details, :api_gpx_files, :auth_success]
+ before_action :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details]
+ before_action :authorize, :only => [:api_details, :api_gpx_files]
+ before_action :authorize_web, :except => [:api_read, :api_details, :api_gpx_files]
+ before_action :set_locale, :except => [:api_read, :api_details, :api_gpx_files]
+ before_action :require_user, :only => [:account, :go_public, :make_friend, :remove_friend]
+ before_action :require_self, :only => [:account]
+ before_action :check_database_readable, :except => [:login, :api_read, :api_details, :api_gpx_files]
+ before_action :check_database_writable, :only => [:new, :account, :confirm, :confirm_email, :lost_password, :reset_password, :go_public, :make_friend, :remove_friend]
+ before_action :check_api_readable, :only => [:api_read, :api_details, :api_gpx_files]
+ before_action :require_allow_read_prefs, :only => [:api_details]
+ before_action :require_allow_read_gpx, :only => [:api_gpx_files]
+ before_action :require_cookies, :only => [:new, :login, :confirm]
+ before_action :require_administrator, :only => [:set_status, :delete, :list]
+ around_action :api_call_handle_error, :only => [:api_read, :api_details, :api_gpx_files]
+ before_action :lookup_user_by_id, :only => [:api_read]
+ before_action :lookup_user_by_name, :only => [:set_status, :delete]
+
+ def terms
+ @legale = params[:legale] || OSM.ip_to_country(request.remote_ip) || DEFAULT_LEGALE
+ @text = OSM.legal_text_for_country(@legale)
+
+ if request.xhr?
+ render :partial => "terms"