X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/823f6b4d3621521603b66d8e09859dd87821348c..4cd2d22788cbc8acf411c9f9436eee85a4590c5f:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 8a27a2fef..2ceeda7be 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -61,7 +61,8 @@ class ApplicationController < ActionController::Base # method, otherwise an OAuth token was used, which has to be checked. unless current_token.nil? unless current_token.read_attribute(cap) - report_error "OAuth token doesn't have that capability.", :forbidden + set_locale + report_error t("oauth.permissions.missing"), :forbidden false end end @@ -152,11 +153,11 @@ class ApplicationController < ActionController::Base # have we identified the user? if @user # check if the user has been banned - user_block = @user.blocks.active.take - unless user_block.nil? + user_block = @user.blocks.active.take + unless user_block.nil? set_locale - if @user.blocks.active.take.zero_hour? - report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden + if user_block.zero_hour? + report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden else report_error t("application.setup_user_auth.blocked"), :forbidden end @@ -364,7 +365,8 @@ class ApplicationController < ActionController::Base rescue ActionView::Template::Error => ex ex = ex.original_exception - if ex.is_a?(ActiveRecord::StatementInvalid) && ex.message =~ /execution expired/ + if ex.is_a?(Timeout::Error) || + (ex.is_a?(ActiveRecord::StatementInvalid) && ex.message =~ /execution expired/) render :action => "timeout" else raise @@ -407,6 +409,18 @@ class ApplicationController < ActionController::Base end def map_layout + append_content_security_policy_directives( + :connect_src => %w(nominatim.openstreetmap.org overpass-api.de router.project-osrm.org valhalla.mapzen.com), + :script_src => %w(graphhopper.com open.mapquestapi.com), + :img_src => %w(developer.mapquest.com) + ) + + if STATUS == :database_offline || STATUS == :api_offline + flash.now[:warning] = t("layouts.osm_offline") + elsif STATUS == :database_readonly || STATUS == :api_readonly + flash.now[:warning] = t("layouts.osm_read_only") + end + request.xhr? ? "xhr" : "map" end