From: Andy Allan Date: Wed, 12 Jul 2017 15:10:50 +0000 (+0100) Subject: Use current_user to represent the currently logged in user. X-Git-Tag: live~3925^2 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/6f89da05d1741ac66deab93aea64b76dc1e9b8fb Use current_user to represent the currently logged in user. This is already used by the oauth plugin, and is a general rails convention. --- diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index c36ded1c0..9324a8ed5 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -305,7 +305,7 @@ class ApiController < ApplicationController def permissions @permissions = if current_token.present? ClientApplication.all_permissions.select { |p| current_token.read_attribute(p) } - elsif @user + elsif current_user ClientApplication.all_permissions else [] diff --git a/app/controllers/browse_controller.rb b/app/controllers/browse_controller.rb index a5aa52774..41fa14aae 100644 --- a/app/controllers/browse_controller.rb +++ b/app/controllers/browse_controller.rb @@ -58,7 +58,7 @@ class BrowseController < ApplicationController def changeset @type = "changeset" @changeset = Changeset.find(params[:id]) - @comments = if @user && @user.moderator? + @comments = if current_user && current_user.moderator? @changeset.comments.unscope(:where => :visible).includes(:author) else @changeset.comments.includes(:author) @@ -77,7 +77,7 @@ class BrowseController < ApplicationController def note @type = "note" - if @user && @user.moderator? + if current_user && current_user.moderator? @note = Note.find(params[:id]) @note_comments = @note.comments.unscope(:where => :visible) else diff --git a/app/controllers/changeset_controller.rb b/app/controllers/changeset_controller.rb index e80eb1610..1c658ccbd 100644 --- a/app/controllers/changeset_controller.rb +++ b/app/controllers/changeset_controller.rb @@ -28,11 +28,11 @@ class ChangesetController < ApplicationController cs = Changeset.from_xml(request.raw_post, true) # Assume that Changeset.from_xml has thrown an exception if there is an error parsing the xml - cs.user_id = @user.id + cs.user_id = current_user.id cs.save_with_tags! # Subscribe user to changeset comments - cs.subscribers << @user + cs.subscribers << current_user render :plain => cs.id.to_s end @@ -53,7 +53,7 @@ class ChangesetController < ApplicationController assert_method :put changeset = Changeset.find(params[:id]) - check_changeset_consistency(changeset, @user) + check_changeset_consistency(changeset, current_user) # to close the changeset, we'll just set its closed_at time to # now. this might not be enough if there are concurrency issues, @@ -75,7 +75,7 @@ class ChangesetController < ApplicationController assert_method :post cs = Changeset.find(params[:id]) - check_changeset_consistency(cs, @user) + check_changeset_consistency(cs, current_user) # keep an array of lons and lats lon = [] @@ -127,7 +127,7 @@ class ChangesetController < ApplicationController assert_method :post changeset = Changeset.find(params[:id]) - check_changeset_consistency(changeset, @user) + check_changeset_consistency(changeset, current_user) diff_reader = DiffReader.new(request.raw_post, changeset) Changeset.transaction do @@ -242,8 +242,8 @@ class ChangesetController < ApplicationController changeset = Changeset.find(params[:id]) new_changeset = Changeset.from_xml(request.raw_post) - check_changeset_consistency(changeset, @user) - changeset.update_from(new_changeset, @user) + check_changeset_consistency(changeset, current_user) + changeset.update_from(new_changeset, current_user) render :xml => changeset.to_xml.to_s end @@ -265,7 +265,7 @@ class ChangesetController < ApplicationController end end - if (@params[:friends] || @params[:nearby]) && !@user + if (@params[:friends] || @params[:nearby]) && !current_user require_user return end @@ -277,17 +277,17 @@ class ChangesetController < ApplicationController changesets = conditions_nonempty(Changeset.all) if @params[:display_name] - changesets = if user.data_public? || user == @user + changesets = if user.data_public? || user == current_user changesets.where(:user_id => user.id) else changesets.where("false") end elsif @params[:bbox] changesets = conditions_bbox(changesets, BoundingBox.from_bbox_params(params)) - elsif @params[:friends] && @user - changesets = changesets.where(:user_id => @user.friend_users.identifiable) - elsif @params[:nearby] && @user - changesets = changesets.where(:user_id => @user.nearby) + elsif @params[:friends] && current_user + changesets = changesets.where(:user_id => current_user.friend_users.identifiable) + elsif @params[:nearby] && current_user + changesets = changesets.where(:user_id => current_user.nearby) end if @params[:max_id] @@ -324,17 +324,17 @@ class ChangesetController < ApplicationController # Add a comment to the changeset comment = changeset.comments.create(:changeset => changeset, :body => body, - :author => @user) + :author => current_user) # Notify current subscribers of the new comment changeset.subscribers.visible.each do |user| - if @user != user + if current_user != user Notifier.changeset_comment_notification(comment, user).deliver_now end end # Add the commenter to the subscribers if necessary - changeset.subscribers << @user unless changeset.subscribers.exists?(@user.id) + changeset.subscribers << current_user unless changeset.subscribers.exists?(current_user.id) # Return a copy of the updated changeset render :xml => changeset.to_xml.to_s @@ -352,10 +352,10 @@ class ChangesetController < ApplicationController # Find the changeset and check it is valid changeset = Changeset.find(id) raise OSM::APIChangesetNotYetClosedError.new(changeset) if changeset.is_open? - raise OSM::APIChangesetAlreadySubscribedError.new(changeset) if changeset.subscribers.exists?(@user.id) + raise OSM::APIChangesetAlreadySubscribedError.new(changeset) if changeset.subscribers.exists?(current_user.id) # Add the subscriber - changeset.subscribers << @user + changeset.subscribers << current_user # Return a copy of the updated changeset render :xml => changeset.to_xml.to_s @@ -373,10 +373,10 @@ class ChangesetController < ApplicationController # Find the changeset and check it is valid changeset = Changeset.find(id) raise OSM::APIChangesetNotYetClosedError.new(changeset) if changeset.is_open? - raise OSM::APIChangesetNotSubscribedError.new(changeset) unless changeset.subscribers.exists?(@user.id) + raise OSM::APIChangesetNotSubscribedError.new(changeset) unless changeset.subscribers.exists?(current_user.id) # Remove the subscriber - changeset.subscribers.delete(@user) + changeset.subscribers.delete(current_user) # Return a copy of the updated changeset render :xml => changeset.to_xml.to_s @@ -496,7 +496,7 @@ class ChangesetController < ApplicationController # changesets if they're non-public setup_user_auth - raise OSM::APINotFoundError if @user.nil? || @user.id != u.id + raise OSM::APINotFoundError if current_user.nil? || current_user.id != u.id end changesets.where(:user_id => u.id) diff --git a/app/controllers/diary_entry_controller.rb b/app/controllers/diary_entry_controller.rb index 1635dc0d0..b3518872c 100644 --- a/app/controllers/diary_entry_controller.rb +++ b/app/controllers/diary_entry_controller.rb @@ -14,27 +14,27 @@ class DiaryEntryController < ApplicationController if request.post? @diary_entry = DiaryEntry.new(entry_params) - @diary_entry.user = @user + @diary_entry.user = current_user if @diary_entry.save - default_lang = @user.preferences.where(:k => "diary.default_language").first + default_lang = current_user.preferences.where(:k => "diary.default_language").first if default_lang default_lang.v = @diary_entry.language_code default_lang.save! else - @user.preferences.create(:k => "diary.default_language", :v => @diary_entry.language_code) + current_user.preferences.create(:k => "diary.default_language", :v => @diary_entry.language_code) end # Subscribe user to diary comments - @diary_entry.subscriptions.create(:user => @user) + @diary_entry.subscriptions.create(:user => current_user) - redirect_to :action => "list", :display_name => @user.display_name + redirect_to :action => "list", :display_name => current_user.display_name else render :action => "edit" end else - default_lang = @user.preferences.where(:k => "diary.default_language").first - lang_code = default_lang ? default_lang.v : @user.preferred_language + default_lang = current_user.preferences.where(:k => "diary.default_language").first + lang_code = default_lang ? default_lang.v : current_user.preferred_language @diary_entry = DiaryEntry.new(entry_params.merge(:language_code => lang_code)) set_map_location render :action => "edit" @@ -45,7 +45,7 @@ class DiaryEntryController < ApplicationController @title = t "diary_entry.edit.title" @diary_entry = DiaryEntry.find(params[:id]) - if @user != @diary_entry.user + if current_user != @diary_entry.user redirect_to :action => "view", :id => params[:id] elsif params[:diary_entry] && @diary_entry.update_attributes(entry_params) redirect_to :action => "view", :id => params[:id] @@ -59,18 +59,18 @@ class DiaryEntryController < ApplicationController def comment @entry = DiaryEntry.find(params[:id]) @diary_comment = @entry.comments.build(comment_params) - @diary_comment.user = @user + @diary_comment.user = current_user if @diary_comment.save # Notify current subscribers of the new comment @entry.subscribers.visible.each do |user| - if @user != user + if current_user != user Notifier.diary_comment_notification(@diary_comment, user).deliver_now end end # Add the commenter to the subscribers if necessary - @entry.subscriptions.create(:user => @user) unless @entry.subscribers.exists?(@user.id) + @entry.subscriptions.create(:user => current_user) unless @entry.subscribers.exists?(current_user.id) redirect_to :action => "view", :display_name => @entry.user.display_name, :id => @entry.id else @@ -83,7 +83,7 @@ class DiaryEntryController < ApplicationController def subscribe diary_entry = DiaryEntry.find(params[:id]) - diary_entry.subscriptions.create(:user => @user) unless diary_entry.subscribers.exists?(@user.id) + diary_entry.subscriptions.create(:user => current_user) unless diary_entry.subscribers.exists?(current_user.id) redirect_to :action => "view", :display_name => diary_entry.user.display_name, :id => diary_entry.id rescue ActiveRecord::RecordNotFound @@ -93,7 +93,7 @@ class DiaryEntryController < ApplicationController def unsubscribe diary_entry = DiaryEntry.find(params[:id]) - diary_entry.subscriptions.where(:user => @user).delete_all if diary_entry.subscribers.exists?(@user.id) + diary_entry.subscriptions.where(:user => current_user).delete_all if diary_entry.subscribers.exists?(current_user.id) redirect_to :action => "view", :display_name => diary_entry.user.display_name, :id => diary_entry.id rescue ActiveRecord::RecordNotFound @@ -112,17 +112,17 @@ class DiaryEntryController < ApplicationController return end elsif params[:friends] - if @user + if current_user @title = t "diary_entry.list.title_friends" - @entries = DiaryEntry.where(:user_id => @user.friend_users) + @entries = DiaryEntry.where(:user_id => current_user.friend_users) else require_user return end elsif params[:nearby] - if @user + if current_user @title = t "diary_entry.list.title_nearby" - @entries = DiaryEntry.where(:user_id => @user.nearby) + @entries = DiaryEntry.where(:user_id => current_user.nearby) else require_user return @@ -234,7 +234,7 @@ class DiaryEntryController < ApplicationController # require that the user is a administrator, or fill out a helpful error message # and return them to the user page. def require_administrator - unless @user.administrator? + unless current_user.administrator? flash[:error] = t("user.filter.not_an_administrator") redirect_to :action => "view" end @@ -247,13 +247,13 @@ class DiaryEntryController < ApplicationController @lon = @diary_entry.longitude @lat = @diary_entry.latitude @zoom = 12 - elsif @user.home_lat.nil? || @user.home_lon.nil? + elsif current_user.home_lat.nil? || current_user.home_lon.nil? @lon = params[:lon] || -0.1 @lat = params[:lat] || 51.5 @zoom = params[:zoom] || 4 else - @lon = @user.home_lon - @lat = @user.home_lat + @lon = current_user.home_lon + @lat = current_user.home_lat @zoom = 12 end end diff --git a/app/controllers/message_controller.rb b/app/controllers/message_controller.rb index 450313e62..9b39f1c05 100644 --- a/app/controllers/message_controller.rb +++ b/app/controllers/message_controller.rb @@ -14,18 +14,18 @@ class MessageController < ApplicationController # The display_name param is the display name of the user that the message is being sent to. def new if request.post? - if @user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR + if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR flash[:error] = t "message.new.limit_exceeded" else @message = Message.new(message_params) @message.to_user_id = @this_user.id - @message.from_user_id = @user.id + @message.from_user_id = current_user.id @message.sent_on = Time.now.getutc if @message.save flash[:notice] = t "message.new.message_sent" Notifier.message_notification(@message).deliver_now - redirect_to :action => "inbox", :display_name => @user.display_name + redirect_to :action => "inbox", :display_name => current_user.display_name end end end @@ -38,7 +38,7 @@ class MessageController < ApplicationController def reply message = Message.find(params[:message_id]) - if message.to_user_id == @user.id + if message.to_user_id == current_user.id message.update(:message_read => true) @message = Message.new( @@ -51,7 +51,7 @@ class MessageController < ApplicationController render :action => "new" else - flash[:notice] = t "message.reply.wrong_user", :user => @user.display_name + flash[:notice] = t "message.reply.wrong_user", :user => current_user.display_name redirect_to :controller => "user", :action => "login", :referer => request.fullpath end rescue ActiveRecord::RecordNotFound @@ -64,11 +64,11 @@ class MessageController < ApplicationController @title = t "message.read.title" @message = Message.find(params[:message_id]) - if @message.to_user_id == @user.id || @message.from_user_id == @user.id - @message.message_read = true if @message.to_user_id == @user.id + if @message.to_user_id == current_user.id || @message.from_user_id == current_user.id + @message.message_read = true if @message.to_user_id == current_user.id @message.save else - flash[:notice] = t "message.read.wrong_user", :user => @user.display_name + flash[:notice] = t "message.read.wrong_user", :user => current_user.display_name redirect_to :controller => "user", :action => "login", :referer => request.fullpath end rescue ActiveRecord::RecordNotFound @@ -79,24 +79,24 @@ class MessageController < ApplicationController # Display the list of messages that have been sent to the user. def inbox @title = t "message.inbox.title" - if @user && params[:display_name] == @user.display_name + if current_user && params[:display_name] == current_user.display_name else - redirect_to :action => "inbox", :display_name => @user.display_name + redirect_to :action => "inbox", :display_name => current_user.display_name end end # Display the list of messages that the user has sent to other users. def outbox @title = t "message.outbox.title" - if @user && params[:display_name] == @user.display_name + if current_user && params[:display_name] == current_user.display_name else - redirect_to :action => "outbox", :display_name => @user.display_name + redirect_to :action => "outbox", :display_name => current_user.display_name end end # Set the message as being read or unread. def mark - @message = Message.where("to_user_id = ? OR from_user_id = ?", @user.id, @user.id).find(params[:message_id]) + @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id]) if params[:mark] == "unread" message_read = false notice = t "message.mark.as_unread" @@ -107,7 +107,7 @@ class MessageController < ApplicationController @message.message_read = message_read if @message.save && !request.xhr? flash[:notice] = notice - redirect_to :action => "inbox", :display_name => @user.display_name + redirect_to :action => "inbox", :display_name => current_user.display_name end rescue ActiveRecord::RecordNotFound @title = t "message.no_such_message.title" @@ -116,16 +116,16 @@ class MessageController < ApplicationController # Delete the message. def delete - @message = Message.where("to_user_id = ? OR from_user_id = ?", @user.id, @user.id).find(params[:message_id]) - @message.from_user_visible = false if @message.sender == @user - @message.to_user_visible = false if @message.recipient == @user + @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id]) + @message.from_user_visible = false if @message.sender == current_user + @message.to_user_visible = false if @message.recipient == current_user if @message.save && !request.xhr? flash[:notice] = t "message.delete.deleted" if params[:referer] redirect_to params[:referer] else - redirect_to :action => "inbox", :display_name => @user.display_name + redirect_to :action => "inbox", :display_name => current_user.display_name end end rescue ActiveRecord::RecordNotFound diff --git a/app/controllers/node_controller.rb b/app/controllers/node_controller.rb index 9f6703b07..3eb127cb1 100644 --- a/app/controllers/node_controller.rb +++ b/app/controllers/node_controller.rb @@ -18,7 +18,7 @@ class NodeController < ApplicationController node = Node.from_xml(request.raw_post, true) # Assume that Node.from_xml has thrown an exception if there is an error parsing the xml - node.create_with_history @user + node.create_with_history current_user render :plain => node.id.to_s end @@ -44,7 +44,7 @@ class NodeController < ApplicationController raise OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})") end - node.update_from(new_node, @user) + node.update_from(new_node, current_user) render :plain => node.version.to_s end @@ -58,7 +58,7 @@ class NodeController < ApplicationController unless new_node && new_node.id == node.id raise OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})") end - node.delete_with_history!(new_node, @user) + node.delete_with_history!(new_node, current_user) render :plain => node.version.to_s end diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb index 20894c4e8..f577dc2f2 100644 --- a/app/controllers/notes_controller.rb +++ b/app/controllers/notes_controller.rb @@ -160,7 +160,7 @@ class NotesController < ApplicationController # Find the note and check it is valid @note = Note.find_by(:id => id) raise OSM::APINotFoundError unless @note - raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || @user.moderator? + raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || current_user.moderator? raise OSM::APINoteAlreadyOpenError.new(@note) unless @note.closed? || !@note.visible? # Reopen the note and add a comment @@ -286,7 +286,7 @@ class NotesController < ApplicationController @page = (params[:page] || 1).to_i @page_size = 10 @notes = @this_user.notes - @notes = @notes.visible unless @user && @user.moderator? + @notes = @notes.visible unless current_user && current_user.moderator? @notes = @notes.order("updated_at DESC, id").distinct.offset((@page - 1) * @page_size).limit(@page_size).preload(:comments => :author).to_a else @title = t "user.no_such_user.title" @@ -341,8 +341,8 @@ class NotesController < ApplicationController def add_comment(note, text, event, notify = true) attributes = { :visible => true, :event => event, :body => text } - if @user - attributes[:author_id] = @user.id + if current_user + attributes[:author_id] = current_user.id else attributes[:author_ip] = request.remote_ip end @@ -350,7 +350,7 @@ class NotesController < ApplicationController comment = note.comments.create!(attributes) note.comments.map(&:author).uniq.each do |user| - if notify && user && user != @user && user.visible? + if notify && user && user != current_user && user.visible? Notifier.note_comment_notification(comment, user).deliver_now end end diff --git a/app/controllers/oauth_clients_controller.rb b/app/controllers/oauth_clients_controller.rb index 1c1877ad4..76fdd6421 100644 --- a/app/controllers/oauth_clients_controller.rb +++ b/app/controllers/oauth_clients_controller.rb @@ -6,8 +6,8 @@ class OauthClientsController < ApplicationController before_action :require_user def index - @client_applications = @user.client_applications - @tokens = @user.oauth_tokens.authorized + @client_applications = current_user.client_applications + @tokens = current_user.oauth_tokens.authorized end def new @@ -15,7 +15,7 @@ class OauthClientsController < ApplicationController end def create - @client_application = @user.client_applications.build(application_params) + @client_application = current_user.client_applications.build(application_params) if @client_application.save flash[:notice] = t "oauth_clients.create.flash" redirect_to :action => "show", :id => @client_application.id @@ -25,21 +25,21 @@ class OauthClientsController < ApplicationController end def show - @client_application = @user.client_applications.find(params[:id]) + @client_application = current_user.client_applications.find(params[:id]) rescue ActiveRecord::RecordNotFound @type = "client application" render :action => "not_found", :status => :not_found end def edit - @client_application = @user.client_applications.find(params[:id]) + @client_application = current_user.client_applications.find(params[:id]) rescue ActiveRecord::RecordNotFound @type = "client application" render :action => "not_found", :status => :not_found end def update - @client_application = @user.client_applications.find(params[:id]) + @client_application = current_user.client_applications.find(params[:id]) if @client_application.update_attributes(application_params) flash[:notice] = t "oauth_clients.update.flash" redirect_to :action => "show", :id => @client_application.id @@ -52,7 +52,7 @@ class OauthClientsController < ApplicationController end def destroy - @client_application = @user.client_applications.find(params[:id]) + @client_application = current_user.client_applications.find(params[:id]) @client_application.destroy flash[:notice] = t "oauth_clients.destroy.flash" redirect_to :action => "index" diff --git a/app/controllers/old_controller.rb b/app/controllers/old_controller.rb index 16f1083de..3815f5ae0 100644 --- a/app/controllers/old_controller.rb +++ b/app/controllers/old_controller.rb @@ -70,6 +70,6 @@ class OldController < ApplicationController private def show_redactions? - @user && @user.moderator? && params[:show_redactions] == "true" + current_user && current_user.moderator? && params[:show_redactions] == "true" end end diff --git a/app/controllers/redactions_controller.rb b/app/controllers/redactions_controller.rb index 129318191..f15060d5b 100644 --- a/app/controllers/redactions_controller.rb +++ b/app/controllers/redactions_controller.rb @@ -19,7 +19,7 @@ class RedactionsController < ApplicationController def create @redaction = Redaction.new - @redaction.user = @user + @redaction.user = current_user @redaction.title = params[:redaction][:title] @redaction.description = params[:redaction][:description] # note that the description format will default to 'markdown' diff --git a/app/controllers/relation_controller.rb b/app/controllers/relation_controller.rb index 846d623f2..97e832049 100644 --- a/app/controllers/relation_controller.rb +++ b/app/controllers/relation_controller.rb @@ -15,7 +15,7 @@ class RelationController < ApplicationController relation = Relation.from_xml(request.raw_post, true) # Assume that Relation.from_xml has thrown an exception if there is an error parsing the xml - relation.create_with_history @user + relation.create_with_history current_user render :plain => relation.id.to_s end @@ -39,7 +39,7 @@ class RelationController < ApplicationController raise OSM::APIBadUserInput.new("The id in the url (#{relation.id}) is not the same as provided in the xml (#{new_relation.id})") end - relation.update_from new_relation, @user + relation.update_from new_relation, current_user render :plain => relation.version.to_s end @@ -47,7 +47,7 @@ class RelationController < ApplicationController relation = Relation.find(params[:id]) new_relation = Relation.from_xml(request.raw_post) if new_relation && new_relation.id == relation.id - relation.delete_with_history!(new_relation, @user) + relation.delete_with_history!(new_relation, current_user) render :plain => relation.version.to_s else head :bad_request diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb index 5ca5c0aab..c727f86d9 100644 --- a/app/controllers/site_controller.rb +++ b/app/controllers/site_controller.rb @@ -92,8 +92,8 @@ class SiteController < ApplicationController @lat = note.lat @lon = note.lon @zoom = 17 - elsif params[:gpx] && @user - trace = Trace.visible_to(@user).find(params[:gpx]) + elsif params[:gpx] && current_user + trace = Trace.visible_to(current_user).find(params[:gpx]) @lat = trace.latitude @lon = trace.longitude @zoom = 16 diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 916a47024..eaeb4f5d0 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -32,7 +32,7 @@ class TraceController < ApplicationController # set title @title = if target_user.nil? t "trace.list.public_traces" - elsif @user && @user == target_user + elsif current_user && current_user == target_user t "trace.list.your_traces" else t "trace.list.public_traces_from", :user => target_user.display_name @@ -46,13 +46,13 @@ class TraceController < ApplicationController # 3 - user's traces, logged in as same user = all user's traces # 4 - user's traces, not logged in as that user = all user's public traces @traces = if target_user.nil? # all traces - if @user - Trace.visible_to(@user) # 1 + if current_user + Trace.visible_to(current_user) # 1 else Trace.visible_to_all # 2 end - elsif @user && @user == target_user - @user.traces # 3 (check vs user id, so no join + can't pick up non-public traces by changing name) + elsif current_user && current_user == target_user + current_user.traces # 3 (check vs user id, so no join + can't pick up non-public traces by changing name) else target_user.traces.visible_to_all # 4 end @@ -86,14 +86,14 @@ class TraceController < ApplicationController end def mine - redirect_to :action => :list, :display_name => @user.display_name + redirect_to :action => :list, :display_name => current_user.display_name end def view @trace = Trace.find(params[:id]) if @trace && @trace.visible? && - (@trace.public? || @trace.user == @user) + (@trace.public? || @trace.user == current_user) @title = t "trace.view.title", :name => @trace.name else flash[:error] = t "trace.view.trace_not_found" @@ -119,18 +119,18 @@ class TraceController < ApplicationController if @trace.id flash[:notice] = t "trace.create.trace_uploaded" - if @user.traces.where(:inserted => false).count > 4 - flash[:warning] = t "trace.trace_header.traces_waiting", :count => @user.traces.where(:inserted => false).count + if current_user.traces.where(:inserted => false).count > 4 + flash[:warning] = t "trace.trace_header.traces_waiting", :count => current_user.traces.where(:inserted => false).count end - redirect_to :action => :list, :display_name => @user.display_name + redirect_to :action => :list, :display_name => current_user.display_name end else @trace = Trace.new(:name => "Dummy", :tagstring => params[:trace][:tagstring], :description => params[:trace][:description], :visibility => params[:trace][:visibility], - :inserted => false, :user => @user, + :inserted => false, :user => current_user, :timestamp => Time.now.getutc) @trace.valid? @trace.errors.add(:gpx_file, "can't be blank") @@ -145,7 +145,7 @@ class TraceController < ApplicationController def data trace = Trace.find(params[:id]) - if trace.visible? && (trace.public? || (@user && @user == trace.user)) + if trace.visible? && (trace.public? || (current_user && current_user == trace.user)) if Acl.no_trace_download(request.remote_ip) head :forbidden elsif request.format == Mime[:xml] @@ -167,7 +167,7 @@ class TraceController < ApplicationController if !@trace.visible? head :not_found - elsif @user.nil? || @trace.user != @user + elsif current_user.nil? || @trace.user != current_user head :forbidden else @title = t "trace.edit.title", :name => @trace.name @@ -177,7 +177,7 @@ class TraceController < ApplicationController @trace.tagstring = params[:trace][:tagstring] @trace.visibility = params[:trace][:visibility] if @trace.save - redirect_to :action => "view", :display_name => @user.display_name + redirect_to :action => "view", :display_name => current_user.display_name end end end @@ -190,13 +190,13 @@ class TraceController < ApplicationController if !trace.visible? head :not_found - elsif @user.nil? || trace.user != @user + elsif current_user.nil? || trace.user != current_user head :forbidden else trace.visible = false trace.save flash[:notice] = t "trace.delete.scheduled_for_deletion" - redirect_to :action => :list, :display_name => @user.display_name + redirect_to :action => :list, :display_name => current_user.display_name end rescue ActiveRecord::RecordNotFound head :not_found @@ -219,7 +219,7 @@ class TraceController < ApplicationController trace = Trace.find(params[:id]) if trace.visible? && trace.inserted? - if trace.public? || (@user && @user == trace.user) + if trace.public? || (current_user && current_user == trace.user) expires_in 7.days, :private => !trace.public?, :public => trace.public? send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => "image/gif", :disposition => "inline") else @@ -236,7 +236,7 @@ class TraceController < ApplicationController trace = Trace.find(params[:id]) if trace.visible? && trace.inserted? - if trace.public? || (@user && @user == trace.user) + if trace.public? || (current_user && current_user == trace.user) expires_in 7.days, :private => !trace.public?, :public => trace.public? send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => "image/gif", :disposition => "inline") else @@ -252,7 +252,7 @@ class TraceController < ApplicationController def api_read trace = Trace.visible.find(params[:id]) - if trace.public? || trace.user == @user + if trace.public? || trace.user == current_user render :xml => trace.to_xml.to_s else head :forbidden @@ -262,7 +262,7 @@ class TraceController < ApplicationController def api_update trace = Trace.visible.find(params[:id]) - if trace.user == @user + if trace.user == current_user new_trace = Trace.from_xml(request.raw_post) unless new_trace && new_trace.id == trace.id @@ -283,7 +283,7 @@ class TraceController < ApplicationController def api_delete trace = Trace.visible.find(params[:id]) - if trace.user == @user + if trace.user == current_user trace.visible = false trace.save! @@ -296,7 +296,7 @@ class TraceController < ApplicationController def api_data trace = Trace.visible.find(params[:id]) - if trace.public? || trace.user == @user + if trace.public? || trace.user == current_user if request.format == Mime[:xml] send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment") elsif request.format == Mime[:gpx] @@ -357,7 +357,7 @@ class TraceController < ApplicationController :description => description, :visibility => visibility, :inserted => true, - :user => @user, + :user => current_user, :timestamp => Time.now.getutc ) @@ -390,11 +390,11 @@ class TraceController < ApplicationController end # Finally save the user's preferred privacy level - if pref = @user.preferences.where(:k => "gps.trace.visibility").first + if pref = current_user.preferences.where(:k => "gps.trace.visibility").first pref.v = visibility pref.save else - @user.preferences.create(:k => "gps.trace.visibility", :v => visibility) + current_user.preferences.create(:k => "gps.trace.visibility", :v => visibility) end end @@ -407,11 +407,11 @@ class TraceController < ApplicationController end def default_visibility - visibility = @user.preferences.where(:k => "gps.trace.visibility").first + visibility = current_user.preferences.where(:k => "gps.trace.visibility").first if visibility visibility.v - elsif @user.preferences.where(:k => "gps.trace.public", :v => "default").first.nil? + elsif current_user.preferences.where(:k => "gps.trace.public", :v => "default").first.nil? "private" else "public" diff --git a/app/controllers/user_blocks_controller.rb b/app/controllers/user_blocks_controller.rb index ea5cdab10..45cd53728 100644 --- a/app/controllers/user_blocks_controller.rb +++ b/app/controllers/user_blocks_controller.rb @@ -20,7 +20,7 @@ class UserBlocksController < ApplicationController end def show - if @user && @user.id == @user_block.user_id + if current_user && current_user.id == @user_block.user_id @user_block.needs_view = false @user_block.save! end @@ -38,7 +38,7 @@ class UserBlocksController < ApplicationController if @valid_params @user_block = UserBlock.new( :user_id => @this_user.id, - :creator_id => @user.id, + :creator_id => current_user.id, :reason => params[:user_block][:reason], :ends_at => Time.now.getutc + @block_period.hours, :needs_view => params[:user_block][:needs_view] @@ -57,7 +57,7 @@ class UserBlocksController < ApplicationController def update if @valid_params - if @user_block.creator_id != @user.id + if @user_block.creator_id != current_user.id flash[:error] = t("user_block.update.only_creator_can_edit") redirect_to :action => "edit" elsif @user_block.update_attributes( @@ -79,7 +79,7 @@ class UserBlocksController < ApplicationController # revokes the block, setting the end_time to now def revoke if params[:confirm] - if @user_block.revoke! @user + if @user_block.revoke! current_user flash[:notice] = t "user_block.revoke.flash" redirect_to(@user_block) end diff --git a/app/controllers/user_preference_controller.rb b/app/controllers/user_preference_controller.rb index dd4ea8bb1..4b556aed0 100644 --- a/app/controllers/user_preference_controller.rb +++ b/app/controllers/user_preference_controller.rb @@ -11,7 +11,7 @@ class UserPreferenceController < ApplicationController def read doc = OSM::API.new.get_xml_doc - prefs = @user.preferences + prefs = current_user.preferences el1 = XML::Node.new "preferences" @@ -26,14 +26,14 @@ class UserPreferenceController < ApplicationController ## # return the value for a single preference def read_one - pref = UserPreference.find([@user.id, params[:preference_key]]) + pref = UserPreference.find([current_user.id, params[:preference_key]]) render :plain => pref.v.to_s end # update the entire set of preferences def update - old_preferences = @user.preferences.each_with_object({}) do |preference, preferences| + old_preferences = current_user.preferences.each_with_object({}) do |preference, preferences| preferences[preference.k] = preference end @@ -47,7 +47,7 @@ class UserPreferenceController < ApplicationController elsif new_preferences.include?(pt["k"]) raise OSM::APIDuplicatePreferenceError.new(pt["k"]) else - preference = @user.preferences.build(:k => pt["k"], :v => pt["v"]) + preference = current_user.preferences.build(:k => pt["k"], :v => pt["v"]) end new_preferences[preference.k] = preference @@ -64,10 +64,10 @@ class UserPreferenceController < ApplicationController # update the value of a single preference def update_one begin - pref = UserPreference.find([@user.id, params[:preference_key]]) + pref = UserPreference.find([current_user.id, params[:preference_key]]) rescue ActiveRecord::RecordNotFound pref = UserPreference.new - pref.user = @user + pref.user = current_user pref.k = params[:preference_key] end @@ -80,7 +80,7 @@ class UserPreferenceController < ApplicationController ## # delete a single preference def delete_one - UserPreference.find([@user.id, params[:preference_key]]).delete + UserPreference.find([current_user.id, params[:preference_key]]).delete render :plain => "" end diff --git a/app/controllers/user_roles_controller.rb b/app/controllers/user_roles_controller.rb index 9c0339c7a..2f5b5a84c 100644 --- a/app/controllers/user_roles_controller.rb +++ b/app/controllers/user_roles_controller.rb @@ -10,7 +10,7 @@ class UserRolesController < ApplicationController before_action :in_role, :only => [:revoke] def grant - @this_user.roles.create(:role => @role, :granter_id => @user.id) + @this_user.roles.create(:role => @role, :granter_id => current_user.id) redirect_to :controller => "user", :action => "view", :display_name => @this_user.display_name end @@ -25,7 +25,7 @@ class UserRolesController < ApplicationController # require that the user is an administrator, or fill out a helpful error message # and return them to theuser page. def require_administrator - unless @user.administrator? + unless current_user.administrator? flash[:error] = t "user_role.filter.not_an_administrator" redirect_to :controller => "user", :action => "view", :display_name => @this_user.display_name end diff --git a/app/controllers/way_controller.rb b/app/controllers/way_controller.rb index f7f270575..8e9e00b88 100644 --- a/app/controllers/way_controller.rb +++ b/app/controllers/way_controller.rb @@ -15,7 +15,7 @@ class WayController < ApplicationController way = Way.from_xml(request.raw_post, true) # Assume that Way.from_xml has thrown an exception if there is an error parsing the xml - way.create_with_history @user + way.create_with_history current_user render :plain => way.id.to_s end @@ -39,7 +39,7 @@ class WayController < ApplicationController raise OSM::APIBadUserInput.new("The id in the url (#{way.id}) is not the same as provided in the xml (#{new_way.id})") end - way.update_from(new_way, @user) + way.update_from(new_way, current_user) render :plain => way.version.to_s end @@ -49,7 +49,7 @@ class WayController < ApplicationController new_way = Way.from_xml(request.raw_post) if new_way && new_way.id == way.id - way.delete_with_history!(new_way, @user) + way.delete_with_history!(new_way, current_user) render :plain => way.version.to_s else head :bad_request