# don't allow access to any auth-requiring part of the site unless
# the new CTs have been seen (and accept/decline chosen).
- elsif !@user.terms_seen and flash[:showing_terms].nil?
+ elsif !@user.terms_seen and flash[:skip_terms].nil?
flash[:notice] = t 'user.terms.you need to accept or decline'
if params[:referer]
redirect_to :controller => "user", :action => "terms", :referer => params[:referer]
# if the user hasn't seen the contributor terms then don't
# allow editing - they have to go to the web site and see
# (but can decline) the CTs to continue.
- if REQUIRE_TERMS_SEEN and not @user.terms_seen
+ if REQUIRE_TERMS_SEEN and not @user.terms_seen and flash[:skip_terms].nil?
set_locale
report_error t('application.setup_user_auth.need_to_see_terms'), :forbidden
end
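Review bot: The terms-seen gate on the API path now depends on `flash[:skip_terms].nil?`, which is session-backed flash state rather than something scoped to the current request. The only writer visible in this commit uses `flash.now`, so the value should not outlive the request, but a later `flash[:skip_terms] = ...` without `.now` would presumably carry the exemption into the following request as well. Because the test is `.nil?`, any stored value, including `false`, skips the check. A per-request instance variable set by the filter, e.g. `@skip_terms_check = true` with `and not @skip_terms_check` here, would keep this decision out of the session; the `elsif` in the web path reads the same key. The enclosing method starts outside the hunk.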
class UserController < ApplicationController
layout :choose_layout
- before_filter :disable_terms_redirect, :only => [:terms, :save, :logout]
+ before_filter :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details]
before_filter :authorize, :only => [:api_details, :api_gpx_files]
before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
before_filter :set_locale, :except => [:api_details, :api_gpx_files]
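Review bot: The new `:api_details` exemption depends on `disable_terms_redirect` being declared above `before_filter :authorize`, so that the flag is set before the terms check (presumably reached through `authorize`) reads it, and nothing on these lines says so. Reordering the filters would silently remove the exemption, so a comment above the line is worth adding, e.g. `# must stay before :authorize and :authorize_web, which read flash[:skip_terms]`. `:api_gpx_files` goes through the same `authorize` filter but is not exempted; if that is deliberate, the comment should say so. The visible part of this commit also has no test that calls `api_details` as a user with `terms_seen` false, which would pin both the exemption and the filter order.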
# this is necessary otherwise going to the user terms page, when
# having not agreed already would cause an infinite redirect loop.
# it's .now so that this doesn't propagate to other pages.
- flash.now[:showing_terms] = true
+ flash.now[:skip_terms] = true
end
end
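Review bot: The comment above `flash.now[:skip_terms] = true` still describes only the terms page and the redirect loop, but after this commit the filter also runs for `api_details` and the flag also switches off the terms-seen check on the API path. I would extend it with something like `# also set for api_details: setup_user_auth skips the terms-seen check when this key is present`, so a reader knows this line is an authorization exemption and not just a redirect guard. The `def` line of the filter is outside the hunk.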
# revoke the ban
get '/login'
- assert_response :redirect
- assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true"
- follow_redirect!
assert_response :success
post '/login', {'user[email]' => moderator.email, 'user[password]' => "test", :referer => "/blocks/#{block.id}/revoke"}
assert_response :redirect