X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/552a647810d16013b26a93299406d5797157faba..b2e490e6fa6c9da7f328019e45407ec3a572ea0c:/app/controllers/user_controller.rb diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index f24e1ee72..6935af3bc 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -11,18 +11,59 @@ class UserController < ApplicationController before_filter :require_allow_read_prefs, :only => [:api_details] before_filter :require_allow_read_gpx, :only => [:api_gpx_files] before_filter :require_cookies, :only => [:login, :confirm] - before_filter :require_administrator, :only => [:set_status, :delete] + before_filter :require_administrator, :only => [:set_status, :delete, :list] before_filter :lookup_this_user, :only => [:set_status, :delete] filter_parameter_logging :password, :pass_crypt, :pass_crypt_confirmation - cache_sweeper :user_sweeper, :only => [:account, :set_status, :delete] + cache_sweeper :user_sweeper, :only => [:account, :set_status, :delete], :unless => STATUS == :database_offline + + def terms + @legale = params[:legale] || OSM.IPToCountry(request.remote_ip) || DEFAULT_LEGALE + @text = OSM.legal_text_for_country(@legale) + + if request.xhr? + render :update do |page| + page.replace_html "contributorTerms", :partial => "terms", :locals => { :has_decline => params[:has_decline] } + end + else + @title = t 'user.terms.title' + @user = User.new(params[:user]) if params[:user] + + if @user + if @user.invalid? + if @user.new_record? + render :action => :new + else + flash[:errors] = @user.errors + redirect_to :action => :account, :display_name => @user.display_name + end + elsif @user.terms_agreed? + redirect_to :action => :account, :display_name => @user.display_name + end + else + redirect_to :action => :login, :referer => request.request_uri + end + end + end def save @title = t 'user.new.title' if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"}) render :action => 'new' + elsif params[:decline] + redirect_to t('user.terms.declined') + elsif @user + if !@user.terms_agreed? + @user.consider_pd = params[:user][:consider_pd] + @user.terms_agreed = Time.now.getutc + if @user.save + flash[:notice] = t 'user.new.terms accepted' + end + end + + redirect_to :action => :account, :display_name => @user.display_name else @user = User.new(params[:user]) @@ -31,10 +72,12 @@ class UserController < ApplicationController @user.description = "" if @user.description.nil? @user.creation_ip = request.remote_ip @user.languages = request.user_preferred_languages + @user.terms_agreed = Time.now.getutc if @user.save - flash[:notice] = t 'user.new.flash create success message' + flash[:notice] = t 'user.new.flash create success message', :email => @user.email Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => params[:referer])) + session[:token] = @user.tokens.create.token redirect_to :action => 'login' else render :action => 'new' @@ -66,13 +109,19 @@ class UserController < ApplicationController @user.home_lat = params[:user][:home_lat] @user.home_lon = params[:user][:home_lon] + if params[:user][:preferred_editor] == "default" + @user.preferred_editor = nil + else + @user.preferred_editor = params[:user][:preferred_editor] + end + if @user.save set_locale if @user.new_email.nil? or @user.new_email.empty? - flash.now[:notice] = t 'user.account.flash update success' + flash[:notice] = t 'user.account.flash update success' else - flash.now[:notice] = t 'user.account.flash update success confirm needed' + flash[:notice] = t 'user.account.flash update success confirm needed' begin Notifier.deliver_email_confirm(@user, @user.tokens.create) @@ -80,11 +129,13 @@ class UserController < ApplicationController # Ignore errors sending email end end + + redirect_to :action => "account", :display_name => @user.display_name end else if flash[:errors] flash[:errors].each do |attr,msg| - attr = "new_email" if attr == "email" + attr = "new_email" if attr == "email" and !@user.new_email.nil? @user.errors.add(attr,msg) end end @@ -127,7 +178,7 @@ class UserController < ApplicationController if params[:user] @user.pass_crypt = params[:user][:pass_crypt] @user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation] - @user.status = "active" + @user.status = "active" if @user.status == "pending" @user.email_valid = true if @user.save @@ -167,17 +218,22 @@ class UserController < ApplicationController # them to that unless they've also got a block on them, in # which case redirect them to the block so they can clear it. if user.blocked_on_view - redirect_to user.blocked_on_view, :referrer => params[:referrer] + redirect_to user.blocked_on_view, :referer => params[:referer] elsif params[:referer] redirect_to params[:referer] else redirect_to :controller => 'site', :action => 'index' end - elsif User.authenticate(:username => email_or_display_name, :password => pass, :inactive => true) - flash.now[:error] = t 'user.login.account not active' + elsif user = User.authenticate(:username => email_or_display_name, :password => pass, :pending => true) + flash.now[:error] = t 'user.login.account not active', :reconfirm => url_for(:action => 'confirm_resend', :display_name => user.display_name) + elsif User.authenticate(:username => email_or_display_name, :password => pass, :suspended => true) + webmaster = link_to t('user.login.webmaster'), "mailto:webmaster@openstreetmap.org" + flash.now[:error] = t 'user.login.account suspended', :webmaster => webmaster else flash.now[:error] = t 'user.login.auth failure' end + elsif flash[:notice].nil? + flash.now[:notice] = t 'user.login.notice' end end @@ -203,30 +259,72 @@ class UserController < ApplicationController end def confirm - if params[:confirm_action] - token = UserToken.find_by_token(params[:confirm_string]) - if token and !token.user.active? - @user = token.user - @user.status = "active" - @user.email_valid = true - @user.save! - referer = token.referer - token.destroy - flash[:notice] = t 'user.confirm.success' - session[:user] = @user.id - unless referer.nil? - redirect_to referer + if request.post? + if token = UserToken.find_by_token(params[:confirm_string]) + if token.user.active? + flash[:error] = t('user.confirm.already active') + redirect_to :action => 'login' else - redirect_to :action => 'account', :display_name => @user.display_name + user = token.user + user.status = "active" + user.email_valid = true + user.save! + referer = token.referer + token.destroy + + if session[:token] + token = UserToken.find_by_token(session[:token]) + session.delete(:token) + else + token = nil + end + + if token.nil? or token.user != user + flash[:notice] = t('user.confirm.success') + redirect_to :action => :login, :referer => referer + else + token.destroy + + session[:user] = user.id + + if referer.nil? + flash[:notice] = t('user.confirm.success') + "

" + t('user.confirm.before you start') + redirect_to :action => :account, :display_name => user.display_name + else + flash[:notice] = t('user.confirm.success') + redirect_to referer + end + end end else - flash.now[:error] = t 'user.confirm.failure' + user = User.find_by_display_name(params[:display_name]) + + if user and user.active? + flash[:error] = t('user.confirm.already active') + elsif user + flash[:error] = t('user.confirm.unknown token') + t('user.confirm.reconfirm', :reconfirm => url_for(:action => 'confirm_resend', :display_name => params[:display_name])) + else + flash[:error] = t('user.confirm.unknown token') + end + + redirect_to :action => 'login' end end end + def confirm_resend + if user = User.find_by_display_name(params[:display_name]) + Notifier.deliver_signup_confirm(user, user.tokens.create) + flash[:notice] = t 'user.confirm_resend.success', :email => user.email + else + flash[:notice] = t 'user.confirm_resend.failure', :name => params[:display_name] + end + + redirect_to :action => 'login' + end + def confirm_email - if params[:confirm_action] + if request.post? token = UserToken.find_by_token(params[:confirm_string]) if token and token.user.new_email? @user = token.user @@ -242,7 +340,8 @@ class UserController < ApplicationController session[:user] = @user.id redirect_to :action => 'account', :display_name => @user.display_name else - flash.now[:error] = t 'user.confirm_email.failure' + flash[:error] = t 'user.confirm_email.failure' + redirect_to :action => 'account', :display_name => @user.display_name end end end @@ -326,14 +425,45 @@ class UserController < ApplicationController @this_user.delete redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] end + + ## + # display a list of users matching specified criteria + def list + if request.post? + ids = params[:user].keys.collect { |id| id.to_i } + + User.update_all("status = 'confirmed'", :id => ids) if params[:confirm] + User.update_all("status = 'deleted'", :id => ids) if params[:hide] + + redirect_to url_for(:status => params[:status], :ip => params[:ip], :page => params[:page]) + else + conditions = Hash.new + conditions[:status] = params[:status] if params[:status] + conditions[:creation_ip] = params[:ip] if params[:ip] + + @user_pages, @users = paginate(:users, + :conditions => conditions, + :order => :id, + :per_page => 50) + end + end + private + ## # require that the user is a administrator, or fill out a helpful error message # and return them to the user page. def require_administrator - unless @user.administrator? + if @user and not @user.administrator? flash[:error] = t('user.filter.not_an_administrator') - redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] + + if params[:display_name] + redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] + else + redirect_to :controller => 'user', :action => 'login', :referer => request.request_uri + end + elsif not @user + redirect_to :controller => 'user', :action => 'login', :referer => request.request_uri end end