- 'app/controllers/user_blocks_controller.rb'
- 'app/controllers/users_controller.rb'
-# Offense count: 18
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: ExpectedOrder, Include.
-# ExpectedOrder: index, show, new, edit, create, update, destroy
-# Include: app/controllers/**/*.rb
-Rails/ActionOrder:
- Exclude:
- - 'app/controllers/api/changesets_controller.rb'
- - 'app/controllers/api/nodes_controller.rb'
- - 'app/controllers/api/notes_controller.rb'
- - 'app/controllers/api/relations_controller.rb'
- - 'app/controllers/api/traces_controller.rb'
- - 'app/controllers/api/users_controller.rb'
- - 'app/controllers/api/ways_controller.rb'
- - 'app/controllers/diary_entries_controller.rb'
- - 'app/controllers/messages_controller.rb'
- - 'app/controllers/oauth_clients_controller.rb'
- - 'app/controllers/redactions_controller.rb'
- - 'app/controllers/traces_controller.rb'
- - 'app/controllers/users_controller.rb'
-
# Offense count: 5
# Configuration parameters: Database, Include.
# SupportedDatabases: mysql, postgresql
# Helper methods for checking consistency
include ConsistencyValidations
+ ##
+ # Return XML giving the basic info about the changeset. Does not
+ # return anything about the nodes, ways and relations in the changeset.
+ def show
+ @changeset = Changeset.find(params[:id])
+ @include_discussion = params[:include_discussion].presence
+ render "changeset"
+
+ respond_to do |format|
+ format.xml
+ format.json
+ end
+ end
+
# Create a changeset from XML.
def create
assert_method :put
render :plain => cs.id.to_s
end
- ##
- # Return XML giving the basic info about the changeset. Does not
- # return anything about the nodes, ways and relations in the changeset.
- def show
- @changeset = Changeset.find(params[:id])
- @include_discussion = params[:include_discussion].presence
- render "changeset"
-
- respond_to do |format|
- format.xml
- format.json
- end
- end
-
##
# marks a changeset as closed. this may be called multiple times
# on the same changeset, so is idempotent.
before_action :set_request_formats, :except => [:create, :update, :delete]
- # Create a node from XML.
- def create
- assert_method :put
+ # Dump the details on many nodes whose ids are given in the "nodes" parameter.
+ def index
+ raise OSM::APIBadUserInput, "The parameter nodes is required, and must be of the form nodes=id[,id[,id...]]" unless params["nodes"]
- node = Node.from_xml(request.raw_post, :create => true)
+ ids = params["nodes"].split(",").collect(&:to_i)
- # Assume that Node.from_xml has thrown an exception if there is an error parsing the xml
- node.create_with_history current_user
- render :plain => node.id.to_s
+ raise OSM::APIBadUserInput, "No nodes were given to search for" if ids.empty?
+
+ @nodes = Node.find(ids)
+
+ # Render the result
+ respond_to do |format|
+ format.xml
+ format.json
+ end
end
# Dump the details on a node given in params[:id]
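Review bot: `params["nodes"].split(",")` in the added index assumes the parameter is a String, but a request can supply it as an array or nested hash (for example `nodes[]=1`), in which case `split` is undefined and the failure likely surfaces as a server error rather than OSM::APIBadUserInput, unless a handler outside this hunk converts it. Changing the guard to `unless params["nodes"].is_a?(String)` keeps that case in the documented bad-input path. `collect(&:to_i)` also maps any non-numeric token to 0 silently, so `nodes=abc` reaches `Node.find([0])` instead of being rejected as malformed. The relations, users and ways index actions moved later in this commit use the same pattern.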
end
end
+ # Create a node from XML.
+ def create
+ assert_method :put
+
+ node = Node.from_xml(request.raw_post, :create => true)
+
+ # Assume that Node.from_xml has thrown an exception if there is an error parsing the xml
+ node.create_with_history current_user
+ render :plain => node.id.to_s
+ end
+
# Update a node from given XML
def update
node = Node.find(params[:id])
node.delete_with_history!(new_node, current_user)
render :plain => node.version.to_s
end
-
- # Dump the details on many nodes whose ids are given in the "nodes" parameter.
- def index
- raise OSM::APIBadUserInput, "The parameter nodes is required, and must be of the form nodes=id[,id[,id...]]" unless params["nodes"]
-
- ids = params["nodes"].split(",").collect(&:to_i)
-
- raise OSM::APIBadUserInput, "No nodes were given to search for" if ids.empty?
-
- @nodes = Node.find(ids)
-
- # Render the result
- respond_to do |format|
- format.xml
- format.json
- end
- end
end
end
end
end
+ ##
+ # Read a note
+ def show
+ # Check the arguments are sane
+ raise OSM::APIBadUserInput, "No id was given" unless params[:id]
+
+ # Find the note and check it is valid
+ @note = Note.find(params[:id])
+ raise OSM::APINotFoundError unless @note
+ raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || current_user&.moderator?
+
+ # Render the result
+ respond_to do |format|
+ format.xml
+ format.rss
+ format.json
+ format.gpx
+ end
+ end
+
##
# Create a new note
def create
end
end
+ ##
+ # Delete (hide) a note
+ def destroy
+ # Check the arguments are sane
+ raise OSM::APIBadUserInput, "No id was given" unless params[:id]
+
+ # Extract the arguments
+ id = params[:id].to_i
+ comment = params[:text]
+
+ # Find the note and check it is valid
+ @note = Note.find(id)
+ raise OSM::APINotFoundError unless @note
+ raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
+
+ # Mark the note as hidden
+ Note.transaction do
+ @note.status = "hidden"
+ @note.save
+
+ add_comment(@note, comment, "hidden", :notify => false)
+ end
+
+ # Return a copy of the updated note
+ respond_to do |format|
+ format.xml { render :action => :show }
+ format.json { render :action => :show }
+ end
+ end
+
##
# Add a comment to an existing note
def comment
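Review bot: `@note.save` inside the `Note.transaction` block in destroy ignores its return value, so a failed save still proceeds to `add_comment(@note, comment, "hidden", :notify => false)` and the transaction can commit a "hidden" comment on a note that is still visible. Using `@note.save!` would raise and roll the whole transaction back. Assuming Note is an ActiveRecord model, `Note.find` raises on a missing record, so `raise OSM::APINotFoundError unless @note` looks unreachable here and in show; either drop it or switch the lookup to `find_by`. Authorization for this action is not visible in the hunk and is presumably enforced elsewhere in the controller.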
end
end
- ##
- # Read a note
- def show
- # Check the arguments are sane
- raise OSM::APIBadUserInput, "No id was given" unless params[:id]
-
- # Find the note and check it is valid
- @note = Note.find(params[:id])
- raise OSM::APINotFoundError unless @note
- raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || current_user&.moderator?
-
- # Render the result
- respond_to do |format|
- format.xml
- format.rss
- format.json
- format.gpx
- end
- end
-
- ##
- # Delete (hide) a note
- def destroy
- # Check the arguments are sane
- raise OSM::APIBadUserInput, "No id was given" unless params[:id]
-
- # Extract the arguments
- id = params[:id].to_i
- comment = params[:text]
-
- # Find the note and check it is valid
- @note = Note.find(id)
- raise OSM::APINotFoundError unless @note
- raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
-
- # Mark the note as hidden
- Note.transaction do
- @note.status = "hidden"
- @note.save
-
- add_comment(@note, comment, "hidden", :notify => false)
- end
-
- # Return a copy of the updated note
- respond_to do |format|
- format.xml { render :action => :show }
- format.json { render :action => :show }
- end
- end
-
##
# Return a list of notes matching a given string
def search
before_action :set_request_formats, :except => [:create, :update, :delete]
- def create
- assert_method :put
+ def index
+ raise OSM::APIBadUserInput, "The parameter relations is required, and must be of the form relations=id[,id[,id...]]" unless params["relations"]
- relation = Relation.from_xml(request.raw_post, :create => true)
+ ids = params["relations"].split(",").collect(&:to_i)
- # Assume that Relation.from_xml has thrown an exception if there is an error parsing the xml
- relation.create_with_history current_user
- render :plain => relation.id.to_s
+ raise OSM::APIBadUserInput, "No relations were given to search for" if ids.empty?
+
+ @relations = Relation.find(ids)
+
+ # Render the result
+ respond_to do |format|
+ format.xml
+ format.json
+ end
end
def show
end
end
+ def create
+ assert_method :put
+
+ relation = Relation.from_xml(request.raw_post, :create => true)
+
+ # Assume that Relation.from_xml has thrown an exception if there is an error parsing the xml
+ relation.create_with_history current_user
+ render :plain => relation.id.to_s
+ end
+
def update
logger.debug request.raw_post
end
end
- def index
- raise OSM::APIBadUserInput, "The parameter relations is required, and must be of the form relations=id[,id[,id...]]" unless params["relations"]
-
- ids = params["relations"].split(",").collect(&:to_i)
-
- raise OSM::APIBadUserInput, "No relations were given to search for" if ids.empty?
-
- @relations = Relation.find(ids)
-
- # Render the result
- respond_to do |format|
- format.xml
- format.json
- end
- end
-
def relations_for_way
relations_for_object("Way")
end
head :forbidden unless @trace.public? || @trace.user == current_user
end
+ def create
+ tags = params[:tags] || ""
+ description = params[:description] || ""
+ visibility = params[:visibility]
+
+ if visibility.nil?
+ visibility = if params[:public]&.to_i&.nonzero?
+ "public"
+ else
+ "private"
+ end
+ end
+
+ if params[:file].respond_to?(:read)
+ trace = do_create(params[:file], tags, description, visibility)
+
+ if trace.id
+ TraceImporterJob.perform_later(trace)
+ render :plain => trace.id.to_s
+ elsif trace.valid?
+ head :internal_server_error
+ else
+ head :bad_request
+ end
+ else
+ head :bad_request
+ end
+ end
+
def update
trace = Trace.visible.find(params[:id])
end
end
- def create
- tags = params[:tags] || ""
- description = params[:description] || ""
- visibility = params[:visibility]
-
- if visibility.nil?
- visibility = if params[:public]&.to_i&.nonzero?
- "public"
- else
- "private"
- end
- end
-
- if params[:file].respond_to?(:read)
- trace = do_create(params[:file], tags, description, visibility)
-
- if trace.id
- TraceImporterJob.perform_later(trace)
- render :plain => trace.id.to_s
- elsif trace.valid?
- head :internal_server_error
- else
- head :bad_request
- end
- else
- head :bad_request
- end
- end
-
private
def do_create(file, tags, description, visibility)
before_action :set_request_formats, :except => [:gpx_files]
+ def index
+ raise OSM::APIBadUserInput, "The parameter users is required, and must be of the form users=id[,id[,id...]]" unless params["users"]
+
+ ids = params["users"].split(",").collect(&:to_i)
+
+ raise OSM::APIBadUserInput, "No users were given to search for" if ids.empty?
+
+ @users = User.visible.find(ids)
+
+ # Render the result
+ respond_to do |format|
+ format.xml
+ format.json
+ end
+ end
+
def show
if @user.visible?
# Render the result
end
end
- def index
- raise OSM::APIBadUserInput, "The parameter users is required, and must be of the form users=id[,id[,id...]]" unless params["users"]
-
- ids = params["users"].split(",").collect(&:to_i)
-
- raise OSM::APIBadUserInput, "No users were given to search for" if ids.empty?
-
- @users = User.visible.find(ids)
-
- # Render the result
- respond_to do |format|
- format.xml
- format.json
- end
- end
-
def gpx_files
@traces = current_user.traces.reload
render :content_type => "application/xml"
before_action :set_request_formats, :except => [:create, :update, :delete]
- def create
- assert_method :put
+ def index
+ raise OSM::APIBadUserInput, "The parameter ways is required, and must be of the form ways=id[,id[,id...]]" unless params["ways"]
- way = Way.from_xml(request.raw_post, :create => true)
+ ids = params["ways"].split(",").collect(&:to_i)
- # Assume that Way.from_xml has thrown an exception if there is an error parsing the xml
- way.create_with_history current_user
- render :plain => way.id.to_s
+ raise OSM::APIBadUserInput, "No ways were given to search for" if ids.empty?
+
+ @ways = Way.find(ids)
+
+ # Render the result
+ respond_to do |format|
+ format.xml
+ format.json
+ end
end
def show
end
end
+ def create
+ assert_method :put
+
+ way = Way.from_xml(request.raw_post, :create => true)
+
+ # Assume that Way.from_xml has thrown an exception if there is an error parsing the xml
+ way.create_with_history current_user
+ render :plain => way.id.to_s
+ end
+
def update
way = Way.find(params[:id])
new_way = Way.from_xml(request.raw_post)
end
end
- def index
- raise OSM::APIBadUserInput, "The parameter ways is required, and must be of the form ways=id[,id[,id...]]" unless params["ways"]
-
- ids = params["ways"].split(",").collect(&:to_i)
-
- raise OSM::APIBadUserInput, "No ways were given to search for" if ids.empty?
-
- @ways = Way.find(ids)
-
- # Render the result
- respond_to do |format|
- format.xml
- format.json
- end
- end
-
##
# returns all the ways which are currently using the node given in the
# :id parameter. note that this used to return deleted ways as well, but
before_action :check_database_writable, :only => [:new, :create, :edit, :update, :comment, :hide, :hidecomment, :subscribe, :unsubscribe]
before_action :allow_thirdparty_images, :only => [:new, :create, :edit, :update, :index, :show, :comments]
+ def index
+ if params[:display_name]
+ @user = User.active.find_by(:display_name => params[:display_name])
+
+ if @user
+ @title = t "diary_entries.index.user_title", :user => @user.display_name
+ @entries = @user.diary_entries
+ else
+ render_unknown_user params[:display_name]
+ return
+ end
+ elsif params[:friends]
+ if current_user
+ @title = t "diary_entries.index.title_friends"
+ @entries = DiaryEntry.where(:user_id => current_user.friends)
+ else
+ require_user
+ return
+ end
+ elsif params[:nearby]
+ if current_user
+ @title = t "diary_entries.index.title_nearby"
+ @entries = DiaryEntry.where(:user_id => current_user.nearby)
+ else
+ require_user
+ return
+ end
+ else
+ @entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] })
+
+ if params[:language]
+ @title = t "diary_entries.index.in_language_title", :language => Language.find(params[:language]).english_name
+ @entries = @entries.where(:language_code => params[:language])
+ else
+ @title = t "diary_entries.index.title"
+ end
+ end
+
+ @params = params.permit(:display_name, :friends, :nearby, :language)
+
+ @page = (params[:page] || 1).to_i
+ @page_size = 20
+
+ @entries = @entries.visible unless can? :unhide, DiaryEntry
+ @entries = @entries.order("created_at DESC")
+ @entries = @entries.offset((@page - 1) * @page_size)
+ @entries = @entries.limit(@page_size)
+ @entries = @entries.includes(:user, :language)
+ end
+
+ def show
+ @entry = @user.diary_entries.visible.where(:id => params[:id]).first
+ if @entry
+ @title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title
+ @comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments
+ else
+ @title = t "diary_entries.no_such_entry.title", :id => params[:id]
+ render :action => "no_such_entry", :status => :not_found
+ end
+ end
+
def new
@title = t "diary_entries.new.title"
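Review bot: `@page = (params[:page] || 1).to_i` in index accepts zero, negative and non-numeric values, so `page=0` produces `offset(-20)`, which the database is likely to reject, turning a malformed query string into a server error. Clamping the value, e.g. `@page = [params[:page].to_i, 1].max`, keeps the offset non-negative. `Language.find(params[:language])` is called only to build the title and will raise for an unknown code; whether that becomes a clean 404 depends on handling outside this hunk.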
render :action => "new"
end
+ def edit
+ @title = t "diary_entries.edit.title"
+ @diary_entry = DiaryEntry.find(params[:id])
+
+ redirect_to diary_entry_path(@diary_entry.user, @diary_entry) if current_user != @diary_entry.user
+
+ set_map_location
+ rescue ActiveRecord::RecordNotFound
+ render :action => "no_such_entry", :status => :not_found
+ end
+
def create
@title = t "diary_entries.new.title"
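Review bot: The ownership check in edit, `redirect_to diary_entry_path(...) if current_user != @diary_entry.user`, does not stop the action, so `set_map_location` still runs for a user who does not own the entry. Nothing is rendered twice today, but the guard only holds as long as no later line renders or changes state. Writing it as `return redirect_to diary_entry_path(@diary_entry.user, @diary_entry) if current_user != @diary_entry.user` makes it a real early exit.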
end
end
- def edit
- @title = t "diary_entries.edit.title"
- @diary_entry = DiaryEntry.find(params[:id])
-
- redirect_to diary_entry_path(@diary_entry.user, @diary_entry) if current_user != @diary_entry.user
-
- set_map_location
- rescue ActiveRecord::RecordNotFound
- render :action => "no_such_entry", :status => :not_found
- end
-
def update
@title = t "diary_entries.edit.title"
@diary_entry = DiaryEntry.find(params[:id])
render :action => "no_such_entry", :status => :not_found
end
- def index
- if params[:display_name]
- @user = User.active.find_by(:display_name => params[:display_name])
-
- if @user
- @title = t "diary_entries.index.user_title", :user => @user.display_name
- @entries = @user.diary_entries
- else
- render_unknown_user params[:display_name]
- return
- end
- elsif params[:friends]
- if current_user
- @title = t "diary_entries.index.title_friends"
- @entries = DiaryEntry.where(:user_id => current_user.friends)
- else
- require_user
- return
- end
- elsif params[:nearby]
- if current_user
- @title = t "diary_entries.index.title_nearby"
- @entries = DiaryEntry.where(:user_id => current_user.nearby)
- else
- require_user
- return
- end
- else
- @entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] })
-
- if params[:language]
- @title = t "diary_entries.index.in_language_title", :language => Language.find(params[:language]).english_name
- @entries = @entries.where(:language_code => params[:language])
- else
- @title = t "diary_entries.index.title"
- end
- end
-
- @params = params.permit(:display_name, :friends, :nearby, :language)
-
- @page = (params[:page] || 1).to_i
- @page_size = 20
-
- @entries = @entries.visible unless can? :unhide, DiaryEntry
- @entries = @entries.order("created_at DESC")
- @entries = @entries.offset((@page - 1) * @page_size)
- @entries = @entries.limit(@page_size)
- @entries = @entries.includes(:user, :language)
- end
-
def rss
if params[:display_name]
user = User.active.find_by(:display_name => params[:display_name])
@entries = @entries.visible.includes(:user).order("created_at DESC").limit(20)
end
- def show
- @entry = @user.diary_entries.visible.where(:id => params[:id]).first
- if @entry
- @title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title
- @comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments
- else
- @title = t "diary_entries.no_such_entry.title", :id => params[:id]
- render :action => "no_such_entry", :status => :not_found
- end
- end
-
def hide
entry = DiaryEntry.find(params[:id])
entry.update(:visible => false)
before_action :check_database_writable, :only => [:new, :create, :reply, :mark, :destroy]
before_action :allow_thirdparty_images, :only => [:new, :create, :show]
+ # Show a message
+ def show
+ @title = t ".title"
+ @message = Message.find(params[:id])
+
+ if @message.recipient == current_user || @message.sender == current_user
+ @message.message_read = true if @message.recipient == current_user
+ @message.save
+ else
+ flash[:notice] = t ".wrong_user", :user => current_user.display_name
+ redirect_to login_path(:referer => request.fullpath)
+ end
+ rescue ActiveRecord::RecordNotFound
+ @title = t "messages.no_such_message.title"
+ render :action => "no_such_message", :status => :not_found
+ end
+
# Allow the user to write a new message to another user. This action also
# deals with the sending of that message to the other user when the user
# clicks send.
end
end
+ # Destroy the message.
+ def destroy
+ @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:id])
+ @message.from_user_visible = false if @message.sender == current_user
+ @message.to_user_visible = false if @message.recipient == current_user
+ if @message.save && !request.xhr?
+ flash[:notice] = t ".destroyed"
+
+ referer = safe_referer(params[:referer]) if params[:referer]
+
+ redirect_to referer || { :action => :inbox }
+ end
+ rescue ActiveRecord::RecordNotFound
+ @title = t "messages.no_such_message.title"
+ render :action => "no_such_message", :status => :not_found
+ end
+
# Allow the user to reply to another message.
def reply
message = Message.find(params[:message_id])
render :action => "no_such_message", :status => :not_found
end
- # Show a message
- def show
- @title = t ".title"
- @message = Message.find(params[:id])
-
- if @message.recipient == current_user || @message.sender == current_user
- @message.message_read = true if @message.recipient == current_user
- @message.save
- else
- flash[:notice] = t ".wrong_user", :user => current_user.display_name
- redirect_to login_path(:referer => request.fullpath)
- end
- rescue ActiveRecord::RecordNotFound
- @title = t "messages.no_such_message.title"
- render :action => "no_such_message", :status => :not_found
- end
-
# Display the list of messages that have been sent to the user.
def inbox
@title = t ".title"
render :action => "no_such_message", :status => :not_found
end
- # Destroy the message.
- def destroy
- @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:id])
- @message.from_user_visible = false if @message.sender == current_user
- @message.to_user_visible = false if @message.recipient == current_user
- if @message.save && !request.xhr?
- flash[:notice] = t ".destroyed"
-
- referer = safe_referer(params[:referer]) if params[:referer]
-
- redirect_to referer || { :action => :inbox }
- end
- rescue ActiveRecord::RecordNotFound
- @title = t "messages.no_such_message.title"
- render :action => "no_such_message", :status => :not_found
- end
-
private
##
@tokens = current_user.oauth_tokens.authorized
end
- def new
- @client_application = ClientApplication.new
- end
-
- def create
- @client_application = current_user.client_applications.build(application_params)
- if @client_application.save
- flash[:notice] = t "oauth_clients.create.flash"
- redirect_to :action => "show", :id => @client_application.id
- else
- render :action => "new"
- end
- end
-
def show
@client_application = current_user.client_applications.find(params[:id])
rescue ActiveRecord::RecordNotFound
render :action => "not_found", :status => :not_found
end
+ def new
+ @client_application = ClientApplication.new
+ end
+
def edit
@client_application = current_user.client_applications.find(params[:id])
rescue ActiveRecord::RecordNotFound
render :action => "not_found", :status => :not_found
end
+ def create
+ @client_application = current_user.client_applications.build(application_params)
+ if @client_application.save
+ flash[:notice] = t "oauth_clients.create.flash"
+ redirect_to :action => "show", :id => @client_application.id
+ else
+ render :action => "new"
+ end
+ end
+
def update
@client_application = current_user.client_applications.find(params[:id])
if @client_application.update(application_params)
@redactions = Redaction.order(:id)
end
+ def show; end
+
def new
@redaction = Redaction.new
end
+ def edit; end
+
def create
@redaction = Redaction.new
@redaction.user = current_user
end
end
- def show; end
-
- def edit; end
-
def update
# NOTE: don't update the user ID
@redaction.title = params[:redaction][:title]
@target_user = target_user
end
- def mine
- redirect_to :action => :index, :display_name => current_user.display_name
- end
-
def show
@trace = Trace.find(params[:id])
@trace = Trace.new(:visibility => default_visibility)
end
+ def edit
+ @trace = Trace.find(params[:id])
+
+ if !@trace.visible?
+ head :not_found
+ elsif current_user.nil? || @trace.user != current_user
+ head :forbidden
+ else
+ @title = t ".title", :name => @trace.name
+ end
+ rescue ActiveRecord::RecordNotFound
+ head :not_found
+ end
+
def create
@title = t ".upload_trace"
end
end
- def data
- trace = Trace.find(params[:id])
-
- if trace.visible? && (trace.public? || (current_user && current_user == trace.user))
- if Acl.no_trace_download(request.remote_ip)
- head :forbidden
- elsif request.format == Mime[:xml]
- send_data(trace.xml_file.read, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
- elsif request.format == Mime[:gpx]
- send_data(trace.xml_file.read, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
- elsif trace.file.attached?
- redirect_to rails_blob_path(trace.file, :disposition => "attachment")
- else
- send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => "attachment")
- end
- else
- head :not_found
- end
- rescue ActiveRecord::RecordNotFound
- head :not_found
- end
-
- def edit
- @trace = Trace.find(params[:id])
-
- if !@trace.visible?
- head :not_found
- elsif current_user.nil? || @trace.user != current_user
- head :forbidden
- else
- @title = t ".title", :name => @trace.name
- end
- rescue ActiveRecord::RecordNotFound
- head :not_found
- end
-
def update
@trace = Trace.find(params[:id])
head :not_found
end
+ def mine
+ redirect_to :action => :index, :display_name => current_user.display_name
+ end
+
+ def data
+ trace = Trace.find(params[:id])
+
+ if trace.visible? && (trace.public? || (current_user && current_user == trace.user))
+ if Acl.no_trace_download(request.remote_ip)
+ head :forbidden
+ elsif request.format == Mime[:xml]
+ send_data(trace.xml_file.read, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
+ elsif request.format == Mime[:gpx]
+ send_data(trace.xml_file.read, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
+ elsif trace.file.attached?
+ redirect_to rails_blob_path(trace.file, :disposition => "attachment")
+ else
+ send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => "attachment")
+ end
+ else
+ head :not_found
+ end
+ rescue ActiveRecord::RecordNotFound
+ head :not_found
+ end
+
def georss
@traces = Trace.visible_to_all.visible
before_action :lookup_user_by_name, :only => [:set_status, :destroy]
before_action :allow_thirdparty_images, :only => [:show]
+ ##
+ # display a list of users matching specified criteria
+ def index
+ if request.post?
+ ids = params[:user].keys.collect(&:to_i)
+
+ User.where(:id => ids).update_all(:status => "confirmed") if params[:confirm]
+ User.where(:id => ids).update_all(:status => "deleted") if params[:hide]
+
+ redirect_to url_for(:status => params[:status], :ip => params[:ip], :page => params[:page])
+ else
+ @params = params.permit(:status, :ip)
+
+ conditions = {}
+ conditions[:status] = @params[:status] if @params[:status]
+ conditions[:creation_ip] = @params[:ip] if @params[:ip]
+
+ @user_pages, @users = paginate(:users,
+ :conditions => conditions,
+ :order => :id,
+ :per_page => 50)
+ end
+ end
+
+ def show
+ @user = User.find_by(:display_name => params[:display_name])
+
+ if @user &&
+ (@user.visible? || current_user&.administrator?)
+ @title = @user.display_name
+ else
+ render_unknown_user params[:display_name]
+ end
+ end
+
+ def new
+ @title = t "users.new.title"
+ @referer = if params[:referer]
+ safe_referer(params[:referer])
+ else
+ session[:referer]
+ end
+
+ append_content_security_policy_directives(
+ :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+ )
+
+ if current_user
+ # The user is logged in already, so don't show them the signup
+ # page, instead send them to the home page
+ redirect_to @referer || { :controller => "site", :action => "index" }
+ elsif params.key?(:auth_provider) && params.key?(:auth_uid)
+ self.current_user = User.new(:email => params[:email],
+ :email_confirmation => params[:email],
+ :display_name => params[:nickname],
+ :auth_provider => params[:auth_provider],
+ :auth_uid => params[:auth_uid])
+
+ flash.now[:notice] = render_to_string :partial => "auth_association"
+ else
+ check_signup_allowed
+
+ self.current_user = User.new
+ end
+ end
+
+ def create
+ self.current_user = User.new(user_params)
+
+ if check_signup_allowed(current_user.email)
+ session[:referer] = safe_referer(params[:referer]) if params[:referer]
+
+ Rails.logger.info "create: #{session[:referer]}"
+
+ if current_user.auth_provider.present? && current_user.pass_crypt.empty?
+ # We are creating an account with external authentication and
+ # no password was specified so create a random one
+ current_user.pass_crypt = SecureRandom.base64(16)
+ current_user.pass_crypt_confirmation = current_user.pass_crypt
+ end
+
+ if current_user.invalid?
+ # Something is wrong with a new user, so rerender the form
+ render :action => "new"
+ elsif current_user.auth_provider.present?
+ # Verify external authenticator before moving on
+ session[:new_user] = current_user
+ redirect_to auth_url(current_user.auth_provider, current_user.auth_uid), :status => :temporary_redirect
+ else
+ # Save the user record
+ session[:new_user] = current_user
+ redirect_to :action => :terms
+ end
+ end
+ end
+
+ ##
+ # destroy a user, marking them as deleted and removing personal data
+ def destroy
+ @user.soft_destroy!
+ redirect_to user_path(:display_name => params[:display_name])
+ end
+
def terms
@legale = params[:legale] || OSM.ip_to_country(request.remote_ip) || Settings.default_legale
@text = OSM.legal_text_for_country(@legale)
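Review bot: The bulk hide path in index, `User.where(:id => ids).update_all(:status => "deleted")`, only flips the status column, while destroy in the same hunk calls `@user.soft_destroy!`, which its comment describes as also removing personal data; accounts hidden from the list would therefore keep that data. Something like `User.where(:id => ids).find_each(&:soft_destroy!) if params[:hide]` would keep the two paths consistent, assuming soft_destroy! is safe to call per record. `params[:user].keys` also raises when a POST arrives without a `user` parameter, so a guard such as `ids = (params[:user] || {}).keys.collect(&:to_i)` is worth adding. Separately, `session[:new_user] = current_user` in create places the whole unsaved User in the session, including the raw `pass_crypt` value assigned a few lines above; storing only the attributes needed to resume signup would keep the password out of session storage.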
redirect_to edit_account_path
end
- def new
- @title = t "users.new.title"
- @referer = if params[:referer]
- safe_referer(params[:referer])
- else
- session[:referer]
- end
-
- append_content_security_policy_directives(
- :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
- )
-
- if current_user
- # The user is logged in already, so don't show them the signup
- # page, instead send them to the home page
- redirect_to @referer || { :controller => "site", :action => "index" }
- elsif params.key?(:auth_provider) && params.key?(:auth_uid)
- self.current_user = User.new(:email => params[:email],
- :email_confirmation => params[:email],
- :display_name => params[:nickname],
- :auth_provider => params[:auth_provider],
- :auth_uid => params[:auth_uid])
-
- flash.now[:notice] = render_to_string :partial => "auth_association"
- else
- check_signup_allowed
-
- self.current_user = User.new
- end
- end
-
- def create
- self.current_user = User.new(user_params)
-
- if check_signup_allowed(current_user.email)
- session[:referer] = safe_referer(params[:referer]) if params[:referer]
-
- Rails.logger.info "create: #{session[:referer]}"
-
- if current_user.auth_provider.present? && current_user.pass_crypt.empty?
- # We are creating an account with external authentication and
- # no password was specified so create a random one
- current_user.pass_crypt = SecureRandom.base64(16)
- current_user.pass_crypt_confirmation = current_user.pass_crypt
- end
-
- if current_user.invalid?
- # Something is wrong with a new user, so rerender the form
- render :action => "new"
- elsif current_user.auth_provider.present?
- # Verify external authenticator before moving on
- session[:new_user] = current_user
- redirect_to auth_url(current_user.auth_provider, current_user.auth_uid), :status => :temporary_redirect
- else
- # Save the user record
- session[:new_user] = current_user
- redirect_to :action => :terms
- end
- end
- end
-
- def show
- @user = User.find_by(:display_name => params[:display_name])
-
- if @user &&
- (@user.visible? || current_user&.administrator?)
- @title = @user.display_name
- else
- render_unknown_user params[:display_name]
- end
- end
-
##
# sets a user's status
def set_status
redirect_to user_path(:display_name => params[:display_name])
end
- ##
- # destroy a user, marking them as deleted and removing personal data
- def destroy
- @user.soft_destroy!
- redirect_to user_path(:display_name => params[:display_name])
- end
-
- ##
- # display a list of users matching specified criteria
- def index
- if request.post?
- ids = params[:user].keys.collect(&:to_i)
-
- User.where(:id => ids).update_all(:status => "confirmed") if params[:confirm]
- User.where(:id => ids).update_all(:status => "deleted") if params[:hide]
-
- redirect_to url_for(:status => params[:status], :ip => params[:ip], :page => params[:page])
- else
- @params = params.permit(:status, :ip)
-
- conditions = {}
- conditions[:status] = @params[:status] if @params[:status]
- conditions[:creation_ip] = @params[:ip] if @params[:ip]
-
- @user_pages, @users = paginate(:users,
- :conditions => conditions,
- :order => :id,
- :per_page => 50)
- end
- end
-
##
# omniauth success callback
def auth_success