redirect_to :controller => 'user', :action => 'login', :referer => request.request_uri unless @user
end
+ ##
+ # requires the user to be logged in by the token or HTTP methods, or have an
+ # OAuth token with the right capability. this method is a bit of a pain to call
+ # directly, since it's cumbersome to call filters with arguments in rails. to
+ # make it easier to read and write the code, there are some utility methods
+ # below.
+ def require_capability(cap)
+ # when the current token is nil, it means the user logged in with a different
+ # method, otherwise an OAuth token was used, which has to be checked.
+ unless current_token.nil?
+ unless current_token.read_attribute(cap)
+ render :text => "OAuth token doesn't have that capability.", :status => :forbidden
+ return false
+ end
+ end
+ end
+
+ # Utility methods to make the controller filter methods easier to read and write.
+ def require_allow_read_prefs
+ require_capability(:allow_read_prefs)
+ end
+ def require_allow_write_prefs
+ require_capability(:allow_write_prefs)
+ end
+ def require_allow_write_diary
+ require_capability(:allow_write_diary)
+ end
+ def require_allow_write_api
+ require_capability(:allow_write_api)
+ end
+ def require_allow_read_gpx
+ require_capability(:allow_read_gpx)
+ end
+ def require_allow_write_gpx
+ require_capability(:allow_write_gpx)
+ end
+
##
# sets up the @user object for use by other methods. this is mostly called
# from the authorize method, but can be called elsewhere if authorisation
# is optional.
def setup_user_auth
- username, passwd = get_auth_data # parse from headers
- # authenticate per-scheme
- if username.nil?
- @user = nil # no authentication provided - perhaps first connect (client should retry after 401)
- elsif username == 'token'
- @user = User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
+ # try and setup using OAuth
+ if oauthenticate
+ @user = current_token.user
else
- @user = User.authenticate(:username => username, :password => passwd) # basic auth
+ username, passwd = get_auth_data # parse from headers
+ # authenticate per-scheme
+ if username.nil?
+ @user = nil # no authentication provided - perhaps first connect (client should retry after 401)
+ elsif username == 'token'
+ @user = User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
+ else
+ @user = User.authenticate(:username => username, :password => passwd) # basic auth
+ end
end
end
end
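Review bot: `require_capability` is fail-open by design when `current_token` is nil (L12-17), so its guarantee depends entirely on `setup_user_auth` having run `oauthenticate` earlier in the filter chain; a `require_allow_*` filter placed on an action with no preceding `authorize` silently passes. That contract should be stated on the method, and the nil branch deserves a why-comment such as `# nil token => user authenticated with basic auth or the token header and has full rights; only OAuth tokens are capability-scoped`. In the OAuth branch of `setup_user_auth` (L52-53) `@user = current_token.user` is assigned without whatever account-status checks `User.authenticate` applies on the other two branches; if `oauthenticate` does not itself verify the token's owner is still a valid account, an OAuth token for a disabled user would keep authenticating — worth confirming and, if so, adding the same check there. The forbidden response on L14 might also name the missing capability (`"OAuth token doesn't have the #{cap} capability."`) so client developers can diagnose it.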
def set_locale
+ response.header['Vary'] = 'Accept-Language'
+
if @user
if !@user.languages.empty?
request.user_preferred_languages = @user.languages
+ response.header['Vary'] = '*'
elsif !request.user_preferred_languages.empty?
@user.languages = request.user_preferred_languages
@user.save
before_filter :authorize_web, :only => [:list, :list_user, :list_bbox]
before_filter :set_locale, :only => [:list, :list_user, :list_bbox]
before_filter :authorize, :only => [:create, :update, :delete, :upload, :include, :close]
+ before_filter :require_allow_write_api, :only => [:create, :update, :delete, :upload, :include, :close]
before_filter :require_public_data, :only => [:create, :update, :delete, :upload, :include, :close]
before_filter :check_api_writable, :only => [:create, :update, :delete, :upload, :include]
before_filter :check_api_readable, :except => [:create, :update, :delete, :upload, :download, :query]
if bbox
conditions = cond_merge conditions, conditions_bbox(bbox)
bbox = BoundingBox.from_s(bbox)
- bbox_link = "<a href='#{url_for(:controller => "site", :action => "index", :minlon => bbox.min_lon, :minlat => bbox.min_lat, :maxlon => bbox.max_lon, :maxlat => bbox.max_lat, :box => "yes")}'>#{bbox.to_s}</a>"
+ bbox_link = render_to_string :partial => "bbox", :object => bbox
end
if user
- user_link = "<a href='#{url_for(:controller => "user", :action => "view", :display_name => user.display_name)}'>#{user.display_name}</a>"
+ user_link = render_to_string :partial => "user", :object => user
end
if user and bbox
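Review bot: The partials rendered on L89 and L93 now own HTML-escaping of `bbox.to_s` and `user.display_name`; the removed lines on L88 and L92 interpolated the user-supplied `display_name` unescaped into an `<a>` element, so unless the `_user` and `_bbox` partials wrap those values in `h()` the injection point is only moved, not removed. A comment at L93 would make that responsibility explicit: `# user.display_name is user-controlled; the partial must html-escape it`. The enclosing method starts and ends outside the hunk.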
require 'xml/libxml'
before_filter :authorize, :only => [:create, :update, :delete]
+ before_filter :require_allow_write_api, :only => [:create, :update, :delete]
before_filter :require_public_data, :only => [:create, :update, :delete]
before_filter :check_api_writable, :only => [:create, :update, :delete]
before_filter :check_api_readable, :except => [:create, :update, :delete]
new_node = Node.from_xml(request.raw_post)
unless new_node and new_node.id == node.id
- raise OSM::BadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})")
+ raise OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})")
end
node.update_from(new_node, @user)
render :text => node.version.to_s, :content_type => "text/plain"
new_node = Node.from_xml(request.raw_post)
unless new_node and new_node.id == node.id
- raise OSM::BadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})")
+ raise OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})")
end
node.delete_with_history!(new_node, @user)
render :text => node.version.to_s, :content_type => "text/plain"
ids = params['nodes'].split(',').collect { |n| n.to_i }
if ids.length == 0
- raise OSM::BadUserInput.new("No nodes were given to search for")
+ raise OSM::APIBadUserInput.new("No nodes were given to search for")
end
doc = OSM::API.new.get_xml_doc
before_filter :check_database_readable, :except => [:api_details, :api_gpx_files]
before_filter :check_database_writable, :only => [:login, :new, :set_home, :account, :go_public, :make_friend, :remove_friend, :upload_image, :delete_image]
before_filter :check_api_readable, :only => [:api_details, :api_gpx_files]
+ before_filter :require_allow_read_prefs, :only => [:api_details]
+ before_filter :require_allow_read_gpx, :only => [:api_gpx_files]
filter_parameter_logging :password, :pass_crypt, :pass_crypt_confirmation
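Review bot: The two new filters on L125-126 only restrict OAuth-authenticated calls — `require_capability` passes whenever `current_token` is nil — so they protect `api_details` and `api_gpx_files` only if an `authorize`-style filter that calls `setup_user_auth` runs before them for those actions; that filter is not visible in this hunk, and if it is absent or declared after these lines the capability check is a no-op. A short comment above L125 would make the dependency explicit: `# capability checks assume :authorize has already populated current_token for these actions`.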
def account
@title = t 'user.account.title'
+ @tokens = @user.oauth_tokens.find :all, :conditions => 'oauth_tokens.invalidated_at is null and oauth_tokens.authorized_at is not null'
if params[:user] and params[:user][:display_name] and params[:user][:description]
if params[:user][:email] != @user.email
token = UserToken.find_by_token(params[:token])
if token
+ @user = token.user
+
if params[:user]
- @user = token.user
@user.pass_crypt = params[:user][:pass_crypt]
@user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
@user.active = true
greeting: "Hallo,"
hopefully_you: "Jemand (hoffentlich du) hat darum gebeten sein Passwort für das OpenStreetMap-Benutzerkonto mit dieser E-Mail-Adresse zurückzusetzen."
click_the_link: "Wenn du das bist, klicke bitte auf den Link unten, um dein Passwort zurückzusetzen."
- reset_password:
- subject: "[OpenStreetMap] Passwort zurückgesetzt"
- reset_password_plain:
- greeting: "Hallo,"
- reset: "Dein neues Passwort lautet {{new_password}}"
- reset_password_html:
- greeting: "Hallo,"
- reset: "Dein neues Passwort lautet {{new_password}}"
message:
inbox:
title: "Posteingang"
scheduled_for_deletion: "Für Löschung vorgesehener Track"
make_public:
made_public: "veröffentlichter Track"
+ oauth:
+ client_application:
+ request_access: "Die Anwendung {{app_name}} möchte auf Deinen OpenStreetMap-Account zugreifen. Bitte entscheide, ob Du der Anwendung die folgenden Rechte gewähren möchtest. Du kannst alle oder einige der folgenden Rechte gewähren:"
+ allow_to: "Erlaube der Anwendung:"
+ allow_read_prefs: "Deine Benutzereinstellungen zu lesen"
+ allow_write_prefs: "Deine Benutzereinstellungen zu verändern"
+ allow_write_diary: "Blog-Einträge und Kommentare zu schreiben und Freunde einzutragen"
+ allow_write_api: "Die OSM-Datenbank zu ändern"
+ allow_read_gpx: "Deine privaten GPS-Tracks auszulesen"
+ allow_write_gpx: "GPS-Tracks hochzuladen"
+ token:
+ none: "Du hast bislang keinen Anwendungen Zugriff auf Deinen Account gewährt. Du musst jetzt nichts unternehmen, denn die Anwendungen werden Dich dazu auffordern, wenn es nötig ist. Zu einem späteren Zeitpunkt kannst Du in diesem Menü sehen, welche Anwendungen Zugriff erhalten haben, und kannst diese Erlaubnis hier auch widerrufen."
+ application: "Anwendung"
+ issued: "Zugriff gewährt"
+ revoke: "widerrufen"
user:
login:
title: "Anmelden"
video_to_openstreetmap: "introductory video to OpenStreetMap"
more_videos: "There are {{more_videos_link}}."
more_videos_here: "more videos here"
- get_reading: 'Get reading about OpenStreetMap <a href="http://wiki.openstreetmap.org/wiki/Beginners%27_Guide">on the wiki</p> or <a href="http://www.opengeodata.org/">the opengeodata blog</a> which has <a href="http://www.opengeodata.org/?cat=13">podcasts to listen to</a> also!'
+ get_reading: 'Get reading about OpenStreetMap <a href="http://wiki.openstreetmap.org/wiki/Beginners%27_Guide">on the wiki</a> or <a href="http://www.opengeodata.org/">the opengeodata blog</a> which has <a href="http://www.opengeodata.org/?cat=13">podcasts to listen to</a> also!'
wiki_signup: 'You may also want to <a href="http://wiki.openstreetmap.org/index.php?title=Special:Userlogin&type=signup&returnto=Main_Page">sign up to the OpenStreetMap wiki</a>.'
user_wiki_page: 'It is recommended that you create a user wiki page, which includes category tags noting where you are, such as <a href="http://wiki.openstreetmap.org/wiki/Category:Users_in_London">[[Category:Users_in_London]]</a>.'
current_user: 'A list of current users in categories, based on where in the world they are, is available from <a href="http://wiki.openstreetmap.org/wiki/Category:Users_by_geographical_region">Category:Users_by_geographical_region</a>.'
scheduled_for_deletion: "Track scheduled for deletion"
make_public:
made_public: "Track made public"
+ oauth:
+ client_application:
+ request_access: "The application {{app_name}} is requesting access to your account. Please check whether you would like the application to have the following capabilities. You may choose as many or as few as you like."
+ allow_to: "Allow the client application to:"
+ allow_read_prefs: "read your user preferences."
+ allow_write_prefs: "modify your user preferences."
+ allow_write_diary: "create diary entries, comments and make friends."
+ allow_write_api: "modify the map."
+ allow_read_gpx: "read your private GPS traces."
+ allow_write_gpx: "upload GPS traces."
+ new:
+ title: "Register a new application"
+ submit: "Register"
+ edit:
+ title: "Edit your application"
+ submit: "Edit"
+ show:
+ title: "OAuth details for {{app_name}}"
+ key: "Consumer Key:"
+ secret: "Consumer Secret:"
+ url: "Request Token URL:"
+ access_url: "Access Token URL:"
+ authorize_url: "Authorise URL:"
+ support_notice: "We support hmac-sha1 (recommended) as well as plain text in ssl mode."
+ edit: "Edit Details"
+ requests: "Requesting the following permissions from the user:"
+ allow_read_prefs: "read their user preferences."
+ allow_write_prefs: "modify their user preferences."
+ allow_write_diary: "create diary entries, comments and make friends."
+ allow_write_api: "modify the map."
+ allow_read_gpx: "read their private GPS traces."
+ allow_write_gpx: "upload GPS traces."
+ index:
+ title: "My OAuth Details"
+ my_tokens: "My Authorised Applications"
+ list_tokens: "The following tokens have been issued to applications in your name:"
+ application: "Application Name"
+ issued_at: "Issued At"
+ revoke: "Revoke!"
+ my_apps: "My Client Applications"
+ no_apps: "Do you have an application you would like to register for use with us using the {{oauth}} standard? You must register your web application before it can make OAuth requests to this service."
+ registered_apps: "You have the following client applications registered:"
+ register_new: "Register your application"
+ form:
+ name: "Name"
+ required: "Required"
+ url: "Main Application URL"
+ callback_url: "Callback URL"
+ support_url: "Support URL"
+ requests: "Request the following permissions from the user:"
+ allow_read_prefs: "read their user preferences."
+ allow_write_prefs: "modify their user preferences."
+ allow_write_diary: "create diary entries, comments and make friends."
+ allow_write_api: "modify the map."
+ allow_read_gpx: "read their private GPS traces."
+ allow_write_gpx: "upload GPS traces."
+ not_found: "Sorry, that {{type}} could not be found."
user:
login:
title: "Login"
title: "Lost password"
heading: "Forgotten Password?"
email address: "Email Address:"
- new password button: "Send me a new password"
+ new password button: "Reset password"
notice email on way: "Sorry you lost it :-( but an email is on its way so you can reset it soon."
notice email cannot find: "Couldn't find that email address, sorry."
reset_password:
title: "Reset password"
- heading: "Reset Password"
+ heading: "Reset Password for {{user}}"
password: "Password: "
confirm password: "Confirm Password: "
reset: "Reset Password"
nearby users: "Nearby users: "
no nearby users: "There are no users who admit to mapping nearby yet."
change your settings: change your settings
+ my_oauth_details: "View my OAuth details"
friend_map:
your location: Your location
nearby mapper: "Nearby mapper: "