X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/7e5cbe87ed37f9cba8224fa4049047d7f981f66a..79c306ad06155549ff6e5929ff20a1149b4862c4:/app/controllers/accounts_controller.rb diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index 63da1293f..085d1bfea 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -11,15 +11,11 @@ class AccountsController < ApplicationController before_action :check_database_readable before_action :check_database_writable, :only => [:update] - before_action :allow_thirdparty_images, :only => [:edit, :update] - def edit - @tokens = current_user.oauth_tokens.authorized - - append_content_security_policy_directives( - :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org] - ) + allow_thirdparty_images :only => [:edit, :update] + allow_social_login :only => [:edit, :update] + def edit if errors = session.delete(:user_errors) errors.each do |attribute, error| current_user.errors.add(attribute, error) @@ -29,12 +25,6 @@ class AccountsController < ApplicationController end def update - @tokens = current_user.oauth_tokens.authorized - - append_content_security_policy_directives( - :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org] - ) - user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider) if params[:user][:auth_provider].blank? || @@ -53,12 +43,16 @@ class AccountsController < ApplicationController end def destroy - current_user.soft_destroy! + if current_user.deletion_allowed? + current_user.soft_destroy! - session.delete(:user) - session_expires_automatically + session.delete(:user) + session_expires_automatically - flash[:notice] = t ".success" - redirect_to root_path + flash[:notice] = t ".success" + redirect_to root_path + else + head :bad_request + end end end