X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/a1cb0f04d476101116087286ff072d3a137355cb..63e9c4771a02ecf69a692df3a6df3d236b0c214b:/app/controllers/user_controller.rb diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index c8603afec..97b0de73c 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -1,6 +1,7 @@ class UserController < ApplicationController - layout 'site', :except => :api_details + layout :choose_layout + before_filter :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details] before_filter :authorize, :only => [:api_details, :api_gpx_files] before_filter :authorize_web, :except => [:api_details, :api_gpx_files] before_filter :set_locale, :except => [:api_details, :api_gpx_files] @@ -24,7 +25,7 @@ class UserController < ApplicationController if request.xhr? render :update do |page| - page.replace_html "contributorTerms", :partial => "terms", :locals => { :has_decline => params[:has_decline] } + page.replace_html "contributorTerms", :partial => "terms" end else @title = t 'user.terms.title' @@ -53,17 +54,36 @@ class UserController < ApplicationController if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"}) render :action => 'new' elsif params[:decline] - redirect_to t('user.terms.declined') + if @user + @user.terms_seen = true + + if @user.save + flash[:notice] = t 'user.new.terms declined', :url => t('user.new.terms declined url') + end + + if params[:referer] + redirect_to params[:referer] + else + redirect_to :action => :account, :display_name => @user.display_name + end + else + redirect_to t('user.terms.declined') + end elsif @user if !@user.terms_agreed? @user.consider_pd = params[:user][:consider_pd] @user.terms_agreed = Time.now.getutc + @user.terms_seen = true if @user.save flash[:notice] = t 'user.new.terms accepted' end end - redirect_to :action => :account, :display_name => @user.display_name + if params[:referer] + redirect_to params[:referer] + else + redirect_to :action => :account, :display_name => @user.display_name + end else @user = User.new(params[:user]) @@ -73,13 +93,15 @@ class UserController < ApplicationController @user.creation_ip = request.remote_ip @user.languages = request.user_preferred_languages @user.terms_agreed = Time.now.getutc - + @user.terms_seen = true + if @user.save flash[:notice] = t 'user.new.flash create success message', :email => @user.email Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => params[:referer])) - redirect_to :action => 'login' + session[:token] = @user.tokens.create.token + redirect_to :action => 'login', :referer => params[:referer] else - render :action => 'new' + render :action => 'new', :referer => params[:referer] end end end @@ -108,6 +130,12 @@ class UserController < ApplicationController @user.home_lat = params[:user][:home_lat] @user.home_lon = params[:user][:home_lon] + if params[:user][:preferred_editor] == "default" + @user.preferred_editor = nil + else + @user.preferred_editor = params[:user][:preferred_editor] + end + if @user.save set_locale @@ -207,15 +235,20 @@ class UserController < ApplicationController session[:user] = user.id session_expires_after 1.month if params[:remember_me] - # The user is logged in, if the referer param exists, redirect - # them to that unless they've also got a block on them, in - # which case redirect them to the block so they can clear it. - if user.blocked_on_view - redirect_to user.blocked_on_view, :referer => params[:referer] - elsif params[:referer] - redirect_to params[:referer] + target = params[:referer] || url_for(:controller => :site, :action => :index) + + # The user is logged in, so decide where to send them: + # + # - If they haven't seen the contributor terms, send them there. + # - If they have a block on them, show them that. + # - If they were referred to the login, send them back there. + # - Otherwise, send them to the home page. + if REQUIRE_TERMS_SEEN and not user.terms_seen + redirect_to :controller => :user, :action => :terms, :referer => target + elsif user.blocked_on_view + redirect_to user.blocked_on_view, :referer => target else - redirect_to :controller => 'site', :action => 'index' + redirect_to target end elsif user = User.authenticate(:username => email_or_display_name, :password => pass, :pending => true) flash.now[:error] = t 'user.login.account not active', :reconfirm => url_for(:action => 'confirm_resend', :display_name => user.display_name) @@ -264,14 +297,29 @@ class UserController < ApplicationController user.save! referer = token.referer token.destroy - session[:user] = user.id - unless referer.nil? + if session[:token] + token = UserToken.find_by_token(session[:token]) + session.delete(:token) + else + token = nil + end + + if token.nil? or token.user != user flash[:notice] = t('user.confirm.success') - redirect_to referer + redirect_to :action => :login, :referer => referer else - flash[:notice] = t('user.confirm.success') + "

" + t('user.confirm.before you start') - redirect_to :action => 'account', :display_name => user.display_name + token.destroy + + session[:user] = user.id + + if referer.nil? + flash[:notice] = t('user.confirm.success') + "

" + t('user.confirm.before you start') + redirect_to :action => :account, :display_name => user.display_name + else + flash[:notice] = t('user.confirm.success') + redirect_to referer + end end end else @@ -452,4 +500,28 @@ private rescue ActiveRecord::RecordNotFound redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] unless @this_user end + + ## + # Choose the layout to use. See + # https://rails.lighthouseapp.com/projects/8994/tickets/5371-layout-with-onlyexcept-options-makes-other-actions-render-without-layouts + def choose_layout + oauth_url = url_for(:controller => :oauth, :action => :oauthorize, :only_path => true) + + if [ 'api_details' ].include? action_name + nil + elsif params[:referer] and URI.parse(params[:referer]).path == oauth_url + 'slim' + else + 'site' + end + end + + ## + # + def disable_terms_redirect + # this is necessary otherwise going to the user terms page, when + # having not agreed already would cause an infinite redirect loop. + # it's .now so that this doesn't propagate to other pages. + flash.now[:skip_terms] = true + end end