X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/938cbcd8625b4bc1eb6f0c5b2ce54bc85b34a3e5..68368118a63f4d6c2bed18cdf4dce525256b3a41:/app/controllers/user_controller.rb diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index db8a509bd..0957853ce 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -11,26 +11,45 @@ class UserController < ApplicationController before_filter :require_allow_read_prefs, :only => [:api_details] before_filter :require_allow_read_gpx, :only => [:api_gpx_files] before_filter :require_cookies, :only => [:login, :confirm] - before_filter :require_administrator, :only => [:activate, :deactivate, :hide, :unhide, :delete] - before_filter :lookup_this_user, :only => [:activate, :deactivate, :hide, :unhide, :delete] + before_filter :require_administrator, :only => [:set_status, :delete, :list] + before_filter :lookup_this_user, :only => [:set_status, :delete] filter_parameter_logging :password, :pass_crypt, :pass_crypt_confirmation - cache_sweeper :user_sweeper, :only => [:account, :hide, :unhide, :delete] + cache_sweeper :user_sweeper, :only => [:account, :set_status, :delete], :unless => OSM_STATUS == :database_offline + + def terms + @title = t 'user.new.title' + @user = User.new(params[:user]) + + @legale = params[:legale] || OSM.IPToCountry(request.remote_ip) || APP_CONFIG['default_legale'] + @text = OSM.legal_text_for_country(@legale) + + if request.xhr? + render :update do |page| + page.replace_html "contributorTerms", :partial => "terms" + end + elsif @user.invalid? + render :action => 'new' + end + end def save @title = t 'user.new.title' if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"}) render :action => 'new' + elsif params[:decline] + redirect_to t('user.terms.declined') else @user = User.new(params[:user]) - @user.visible = true + @user.status = "pending" @user.data_public = true @user.description = "" if @user.description.nil? @user.creation_ip = request.remote_ip @user.languages = request.user_preferred_languages + @user.terms_agreed = Time.now.getutc if @user.save flash[:notice] = t 'user.new.flash create success message' @@ -70,9 +89,9 @@ class UserController < ApplicationController set_locale if @user.new_email.nil? or @user.new_email.empty? - flash.now[:notice] = t 'user.account.flash update success' + flash[:notice] = t 'user.account.flash update success' else - flash.now[:notice] = t 'user.account.flash update success confirm needed' + flash[:notice] = t 'user.account.flash update success confirm needed' begin Notifier.deliver_email_confirm(@user, @user.tokens.create) @@ -80,6 +99,8 @@ class UserController < ApplicationController # Ignore errors sending email end end + + redirect_to :action => "account", :display_name => @user.display_name end else if flash[:errors] @@ -102,7 +123,7 @@ class UserController < ApplicationController @title = t 'user.lost_password.title' if params[:user] and params[:user][:email] - user = User.find_by_email(params[:user][:email], :conditions => {:visible => true}) + user = User.find_by_email(params[:user][:email], :conditions => {:status => ["pending", "active", "confirmed"]}) if user token = user.tokens.create @@ -127,7 +148,7 @@ class UserController < ApplicationController if params[:user] @user.pass_crypt = params[:user][:pass_crypt] @user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation] - @user.active = true + @user.status = "active" if @user.status == "pending" @user.email_valid = true if @user.save @@ -173,8 +194,11 @@ class UserController < ApplicationController else redirect_to :controller => 'site', :action => 'index' end - elsif User.authenticate(:username => email_or_display_name, :password => pass, :inactive => true) + elsif User.authenticate(:username => email_or_display_name, :password => pass, :pending => true) flash.now[:error] = t 'user.login.account not active' + elsif User.authenticate(:username => email_or_display_name, :password => pass, :suspended => true) + webmaster = link_to t('user.login.webmaster'), "mailto:webmaster@openstreetmap.org" + flash.now[:error] = t 'user.login.account suspended', :webmaster => webmaster else flash.now[:error] = t 'user.login.auth failure' end @@ -182,19 +206,23 @@ class UserController < ApplicationController end def logout - if session[:token] - token = UserToken.find_by_token(session[:token]) - if token - token.destroy + @title = t 'user.logout.title' + + if params[:session] == request.session_options[:id] + if session[:token] + token = UserToken.find_by_token(session[:token]) + if token + token.destroy + end + session[:token] = nil + end + session[:user] = nil + session_expires_automatically + if params[:referer] + redirect_to params[:referer] + else + redirect_to :controller => 'site', :action => 'index' end - session[:token] = nil - end - session[:user] = nil - session_expires_automatically - if params[:referer] - redirect_to params[:referer] - else - redirect_to :controller => 'site', :action => 'index' end end @@ -203,7 +231,7 @@ class UserController < ApplicationController token = UserToken.find_by_token(params[:confirm_string]) if token and !token.user.active? @user = token.user - @user.active = true + @user.status = "active" @user.email_valid = true @user.save! referer = token.referer @@ -228,7 +256,6 @@ class UserController < ApplicationController @user = token.user @user.email = @user.new_email @user.new_email = nil - @user.active = true @user.email_valid = true if @user.save flash[:notice] = t 'user.confirm_email.success' @@ -268,7 +295,7 @@ class UserController < ApplicationController def make_friend if params[:display_name] name = params[:display_name] - new_friend = User.find_by_display_name(name, :conditions => {:visible => true}) + new_friend = User.find_by_display_name(name, :conditions => {:status => ["active", "confirmed"]}) friend = Friend.new friend.user_id = @user.id friend.friend_user_id = new_friend.id @@ -294,7 +321,7 @@ class UserController < ApplicationController def remove_friend if params[:display_name] name = params[:display_name] - friend = User.find_by_display_name(name, :conditions => {:visible => true}) + friend = User.find_by_display_name(name, :conditions => {:status => ["active", "confirmed"]}) if @user.is_friends_with?(friend) Friend.delete_all "user_id = #{@user.id} AND friend_user_id = #{friend.id}" flash[:notice] = t 'user.remove_friend.success', :name => friend.display_name @@ -311,47 +338,57 @@ class UserController < ApplicationController end ## - # activate a user, allowing them to log in - def activate - @this_user.update_attributes(:active => true) + # sets a user's status + def set_status + @this_user.update_attributes(:status => params[:status]) redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] end ## - # deactivate a user, preventing them from logging in - def deactivate - @this_user.update_attributes(:active => false) + # delete a user, marking them as deleted and removing personal data + def delete + @this_user.delete redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] end ## - # hide a user, marking them as logically deleted - def hide - @this_user.update_attributes(:visible => false) - redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] - end + # display a list of users matching specified criteria + def list + if request.post? + ids = params[:user].keys.collect { |id| id.to_i } - ## - # unhide a user, clearing the logically deleted flag - def unhide - @this_user.update_attributes(:visible => true) - redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] - end + User.update_all("status = 'confirmed'", :id => ids) if params[:confirm] + User.update_all("status = 'deleted'", :id => ids) if params[:hide] - ## - # delete a user, marking them as deleted and removing personal data - def delete - @this_user.delete - redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] + redirect_to url_for(:status => params[:status], :ip => params[:ip], :page => params[:page]) + else + conditions = Hash.new + conditions[:status] = params[:status] if params[:status] + conditions[:creation_ip] = params[:ip] if params[:ip] + + @user_pages, @users = paginate(:users, + :conditions => conditions, + :order => :id, + :per_page => 50) + end end + private + ## # require that the user is a administrator, or fill out a helpful error message # and return them to the user page. def require_administrator - unless @user.administrator? + if @user and not @user.administrator? flash[:error] = t('user.filter.not_an_administrator') - redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] + + if params[:display_name] + redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] + else + redirect_to :controller => 'user', :action => 'login', :referer => request.request_uri + end + elsif not @user + redirect_to :controller => 'user', :action => 'login', :referer => request.request_uri end end