X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/64ecd02f0b74d2251e30fc1c97fdf1aa60f53e90..fd35873a4be94155746b6d410d601aa97e93687f:/app/controllers/user_controller.rb?ds=inline
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 26c56132c..eb1471b00 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -2,26 +2,34 @@ class UserController < ApplicationController
layout 'site'
before_filter :authorize, :only => [:api_details, :api_gpx_files]
- before_filter :authorize_web, :only => [:account, :go_public, :view, :diary, :make_friend, :remove_friend, :upload_image, :delete_image]
+ before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
before_filter :require_user, :only => [:set_home, :account, :go_public, :make_friend, :remove_friend, :upload_image, :delete_image]
- before_filter :check_database_availability, :except => [:api_details, :api_gpx_files]
- before_filter :check_read_availability, :only => [:api_details, :api_gpx_files]
+ before_filter :check_database_readable, :except => [:api_details, :api_gpx_files]
+ before_filter :check_database_writable, :only => [:login, :new, :set_home, :account, :go_public, :make_friend, :remove_friend, :upload_image, :delete_image]
+ before_filter :check_api_readable, :only => [:api_details, :api_gpx_files]
filter_parameter_logging :password, :pass_crypt, :pass_crypt_confirmation
def save
@title = 'create account'
- @user = User.new(params[:user])
- @user.data_public = true
- @user.description = "" if @user.description.nil?
-
- if @user.save
- flash[:notice] = "User was successfully created. Check your email for a confirmation note, and you\'ll be mapping in no time :-)
Please note that you won't be able to login until you've received and confirmed your email address."
- Notifier.deliver_signup_confirm(@user, @user.tokens.create)
- redirect_to :action => 'login'
- else
+ if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"})
render :action => 'new'
+ else
+ @user = User.new(params[:user])
+
+ @user.visible = true
+ @user.data_public = true
+ @user.description = "" if @user.description.nil?
+ @user.creation_ip = request.remote_ip
+
+ if @user.save
+ flash[:notice] = "User was successfully created. Check your email for a confirmation note, and you\'ll be mapping in no time :-)
Please note that you won't be able to login until you've received and confirmed your email address.
If you use an antispam system which sends confirmation requests then please make sure you whitelist webmaster@openstreetmap.org as we are unable to reply to any confirmation requests."
+ Notifier.deliver_signup_confirm(@user, @user.tokens.create)
+ redirect_to :action => 'login'
+ else
+ render :action => 'new'
+ end
end
end
@@ -45,13 +53,11 @@ class UserController < ApplicationController
if @user.save
if params[:user][:email] == @user.new_email
- flash[:notice] = "User information updated successfully. Check your email for a note to confirm your new email address."
+ @notice = "User information updated successfully. Check your email for a note to confirm your new email address."
Notifier.deliver_email_confirm(@user, @user.tokens.create)
else
- flash[:notice] = "User information updated successfully."
+ @notice = "User information updated successfully."
end
- else
- flash.delete(:notice)
end
end
end
@@ -77,16 +83,15 @@ class UserController < ApplicationController
def lost_password
@title = 'lost password'
if params[:user] and params[:user][:email]
- user = User.find_by_email(params[:user][:email])
+ user = User.find_by_email(params[:user][:email], :conditions => {:visible => true})
+
if user
token = user.tokens.create
Notifier.deliver_lost_password(user, token)
- flash[:notice] = "Sorry you lost it :-( but an email is on its way so you can reset it soon."
+ @notice = "Sorry you lost it :-( but an email is on its way so you can reset it soon."
else
- flash[:notice] = "Couldn't find that email address, sorry."
+ @notice = "Couldn't find that email address, sorry."
end
- else
- render :action => 'lost_password'
end
end
@@ -109,14 +114,27 @@ class UserController < ApplicationController
flash[:notice] = "Didn't find that token, check the URL maybe?"
end
end
+
redirect_to :action => 'login'
end
def new
@title = 'create account'
+ # The user is logged in already, so don't show them the signup page, instead
+ # send them to the home page
+ redirect_to :controller => 'site', :action => 'index' if session[:user]
end
def login
+ if session[:user]
+ # The user is logged in already, if the referer param exists, redirect them to that
+ if params[:referer]
+ redirect_to params[:referer]
+ else
+ redirect_to :controller => 'site', :action => 'index'
+ end
+ return
+ end
@title = 'login'
if params[:user]
email_or_display_name = params[:user][:email]
@@ -131,9 +149,9 @@ class UserController < ApplicationController
end
return
elsif User.authenticate(:username => email_or_display_name, :password => pass, :inactive => true)
- flash[:notice] = "Sorry, your account is not active yet.
Please click on the link in the account confirmation email to activate your account."
+ @notice = "Sorry, your account is not active yet.
Please click on the link in the account confirmation email to activate your account."
else
- flash[:notice] = "Sorry, couldn't log in with those details."
+ @notice = "Sorry, couldn't log in with those details."
end
end
end
@@ -167,7 +185,7 @@ class UserController < ApplicationController
session[:user] = @user.id
redirect_to :action => 'account', :display_name => @user.display_name
else
- flash[:notice] = 'Something went wrong confirming that user.'
+ @notice = 'Something went wrong confirming that user.'
end
end
end
@@ -187,7 +205,7 @@ class UserController < ApplicationController
session[:user] = @user.id
redirect_to :action => 'account', :display_name => @user.display_name
else
- flash[:notice] = 'Something went wrong confirming that email address.'
+ @notice = 'Something went wrong confirming that email address.'
end
end
end
@@ -217,7 +235,7 @@ class UserController < ApplicationController
end
def view
- @this_user = User.find_by_display_name(params[:display_name])
+ @this_user = User.find_by_display_name(params[:display_name], :conditions => {:visible => true})
if @this_user
@title = @this_user.display_name
@@ -230,7 +248,7 @@ class UserController < ApplicationController
def make_friend
if params[:display_name]
name = params[:display_name]
- new_friend = User.find_by_display_name(name)
+ new_friend = User.find_by_display_name(name, :conditions => {:visible => true})
friend = Friend.new
friend.user_id = @user.id
friend.friend_user_id = new_friend.id
@@ -244,6 +262,7 @@ class UserController < ApplicationController
else
flash[:notice] = "You are already friends with #{name}."
end
+
redirect_to :controller => 'user', :action => 'view'
end
end
@@ -251,16 +270,15 @@ class UserController < ApplicationController
def remove_friend
if params[:display_name]
name = params[:display_name]
- friend = User.find_by_display_name(name)
+ friend = User.find_by_display_name(name, :conditions => {:visible => true})
if @user.is_friends_with?(friend)
Friend.delete_all "user_id = #{@user.id} AND friend_user_id = #{friend.id}"
flash[:notice] = "#{friend.display_name} was removed from your friends."
else
- flash[:notice] = "#{friend.display_name} was not already one of your friends."
+ flash[:notice] = "#{friend.display_name} is not one of your friends."
end
+
redirect_to :controller => 'user', :action => 'view'
end
end
-
end
-