From: Tom Hughes Date: Thu, 2 Jan 2025 18:50:39 +0000 (+0000) Subject: Merge remote-tracking branch 'upstream/pull/5457' X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/HEAD?hp=8aeb16a50c3cd55c953aaec8dcc2b881fb132c88 Merge remote-tracking branch 'upstream/pull/5457' --- diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 0dd79ea2a..041b7ef5e 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -20,12 +20,15 @@ require: FactoryBot/ExcessiveCreateList: Exclude: - 'test/controllers/api/changeset_comments_controller_test.rb' - - 'test/controllers/api/messages_controller_test.rb' + - 'test/controllers/api/messages/inboxes_controller_test.rb' + - 'test/controllers/api/messages/outboxes_controller_test.rb' - 'test/controllers/changesets_controller_test.rb' - 'test/controllers/diary_entries_controller_test.rb' - 'test/controllers/notes_controller_test.rb' - 'test/controllers/traces_controller_test.rb' - 'test/controllers/user_blocks_controller_test.rb' + - 'test/controllers/users/issued_blocks_controller_test.rb' + - 'test/controllers/users/received_blocks_controller_test.rb' - 'test/system/users_test.rb' # Offense count: 635 diff --git a/Gemfile.lock b/Gemfile.lock index ab8d9f9d1..02b177790 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -92,8 +92,8 @@ GEM autoprefixer-rails (10.4.19.0) execjs (~> 2) aws-eventstream (1.3.0) - aws-partitions (1.1026.0) - aws-sdk-core (3.214.0) + aws-partitions (1.1029.0) + aws-sdk-core (3.214.1) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.992.0) aws-sigv4 (~> 1.9) @@ -120,7 +120,7 @@ GEM erubi (~> 1.4) parser (>= 2.4) smart_properties - bigdecimal (3.1.8) + bigdecimal (3.1.9) binding_of_caller (1.0.1) debug_inspector (>= 1.2.0) bootsnap (1.18.4) @@ -131,7 +131,7 @@ GEM bootstrap_form (5.4.0) actionpack (>= 6.1) activemodel (>= 6.1) - brakeman (6.2.2) + brakeman (7.0.0) racc brotli (0.6.0) browser (5.3.1) @@ -273,7 +273,7 @@ GEM faraday (>= 0.8) faraday-net_http (3.4.0) net-http (>= 0.5.0) - ffi (1.17.0) + ffi (1.17.1) ffi-compiler (1.3.2) ffi (>= 1.15.5) rake @@ -340,7 +340,7 @@ GEM railties (>= 4.2.0) thor (>= 0.14, < 2.0) json (2.9.1) - jwt (2.9.3) + jwt (2.10.1) base64 kgio (2.11.4) kramdown (2.5.1) @@ -383,7 +383,7 @@ GEM nap (1.1.0) net-http (0.6.0) uri - net-imap (0.5.2) + net-imap (0.5.4) date net-protocol net-pop (0.1.2) @@ -393,7 +393,7 @@ GEM net-smtp (0.5.0) net-protocol nio4r (2.7.4) - nokogiri (1.17.2) + nokogiri (1.18.1) mini_portile2 (~> 2.8.2) racc (~> 1.4) oauth (1.1.0) @@ -481,7 +481,7 @@ GEM rack (~> 2.2, >= 2.2.4) rack-session (1.0.2) rack (< 3) - rack-test (2.1.0) + rack-test (2.2.0) rack (>= 1.3) rack-uri_sanitizer (0.0.2) rackup (1.0.1) @@ -534,7 +534,7 @@ GEM rchardet (1.8.0) rdoc (6.10.0) psych (>= 4.0.0) - regexp_parser (2.9.3) + regexp_parser (2.10.0) reline (0.6.0) io-console (~> 0.5) request_store (1.7.0) @@ -567,7 +567,7 @@ GEM rubocop-performance (1.23.0) rubocop (>= 1.48.1, < 2.0) rubocop-ast (>= 1.31.1, < 2.0) - rubocop-rails (2.27.0) + rubocop-rails (2.28.0) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 1.52.0, < 2.0) @@ -580,9 +580,9 @@ GEM ffi (~> 1.12) logger rubyzip (2.3.2) - sanitize (6.1.3) + sanitize (7.0.0) crass (~> 1.0.2) - nokogiri (>= 1.12.0) + nokogiri (>= 1.16.8) sass-embedded (1.64.2) google-protobuf (~> 3.23) rake (>= 13.0.0) @@ -630,7 +630,7 @@ GEM terser (1.2.4) execjs (>= 0.3.0, < 3) thor (1.3.2) - tilt (2.4.0) + tilt (2.5.0) timeout (0.4.3) turbo-rails (2.0.11) actionpack (>= 6.0.0) diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb index e4b9dcf6b..6638016d7 100644 --- a/app/abilities/ability.rb +++ b/app/abilities/ability.rb @@ -24,7 +24,7 @@ class Ability can [:create, :destroy], :session can [:read, :data, :georss], Trace can [:read, :terms, :create, :save, :suspended, :auth_success, :auth_failure], User - can [:read, :blocks_on, :blocks_by], UserBlock + can :read, UserBlock end if user&.active? @@ -56,7 +56,7 @@ class Ability can [:read, :resolve, :ignore, :reopen], Issue can :create, IssueComment can [:create, :update, :destroy], Redaction - can [:create, :revoke_all], UserBlock + can [:create, :destroy], UserBlock can :update, UserBlock, :creator => user can :update, UserBlock, :revoker => user can :update, UserBlock, :active? => true diff --git a/app/abilities/api_ability.rb b/app/abilities/api_ability.rb index 36cfee0bb..3fe180eeb 100644 --- a/app/abilities/api_ability.rb +++ b/app/abilities/api_ability.rb @@ -3,12 +3,16 @@ class ApiAbility include CanCan::Ability - def initialize(user) + def initialize(token) can :read, [:version, :capability, :permission, :map] if Settings.status != "database_offline" + user = User.find(token.resource_owner_id) if token + + can [:read, :feed, :search], Note + can :create, Note unless token + can [:read, :download], Changeset - can [:read, :create, :feed, :search], Note can :read, Tracepoint can :read, User can :read, Node @@ -18,22 +22,33 @@ class ApiAbility can :read, UserBlock if user&.active? - can [:comment, :close, :reopen], Note - can [:read, :create, :update, :destroy], Trace - can [:details, :gpx_files], User - can [:read, :update, :update_all, :destroy], UserPreference + can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes) + can [:create, :destroy], NoteSubscription if scope?(token, :write_notes) + + can :read, Trace if scope?(token, :read_gpx) + can [:create, :update, :destroy], Trace if scope?(token, :write_gpx) + + can :details, User if scope?(token, :read_prefs) + can :gpx_files, User if scope?(token, :read_gpx) + + can :read, UserPreference if scope?(token, :read_prefs) + can [:update, :update_all, :destroy], UserPreference if scope?(token, :write_prefs) + + can [:read, :update, :destroy], Message if scope?(token, :consume_messages) + can :create, Message if scope?(token, :send_messages) if user.terms_agreed? - can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset - can :create, ChangesetComment - can [:create, :update, :delete], [Node, Way, Relation] + can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scope?(token, :write_api) + can :create, ChangesetComment if scope?(token, :write_api) + can [:create, :update, :delete], [Node, Way, Relation] if scope?(token, :write_api) end if user.moderator? - can [:destroy, :restore], ChangesetComment - can :destroy, Note + can [:destroy, :restore], ChangesetComment if scope?(token, :write_api) + + can :destroy, Note if scope?(token, :write_notes) - can :redact, [OldNode, OldWay, OldRelation] if user.terms_agreed? + can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && scope?(token, :write_redactions) end end end @@ -65,4 +80,10 @@ class ApiAbility # See the wiki for details: # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities end + + private + + def scope?(token, scope) + token&.includes_scope?(scope) + end end diff --git a/app/abilities/api_capability.rb b/app/abilities/api_capability.rb deleted file mode 100644 index 1c2eab41f..000000000 --- a/app/abilities/api_capability.rb +++ /dev/null @@ -1,42 +0,0 @@ -# frozen_string_literal: true - -class ApiCapability - include CanCan::Ability - - def initialize(token) - if Settings.status != "database_offline" - user = User.find(token.resource_owner_id) - - if user&.active? - can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes) - can [:create, :destroy], NoteSubscription if scope?(token, :write_notes) - can [:read, :data], Trace if scope?(token, :read_gpx) - can [:create, :update, :destroy], Trace if scope?(token, :write_gpx) - can [:details], User if scope?(token, :read_prefs) - can [:gpx_files], User if scope?(token, :read_gpx) - can :read, UserPreference if scope?(token, :read_prefs) - can [:update, :update_all, :destroy], UserPreference if scope?(token, :write_prefs) - can [:inbox, :outbox, :read, :update, :destroy], Message if scope?(token, :consume_messages) - can [:create], Message if scope?(token, :send_messages) - - if user.terms_agreed? - can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scope?(token, :write_api) - can :create, ChangesetComment if scope?(token, :write_api) - can [:create, :update, :delete], [Node, Way, Relation] if scope?(token, :write_api) - end - - if user.moderator? - can [:destroy, :restore], ChangesetComment if scope?(token, :write_api) - can :destroy, Note if scope?(token, :write_notes) - can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && scope?(token, :write_redactions) - end - end - end - end - - private - - def scope?(token, scope) - token&.includes_scope?(scope) - end -end diff --git a/app/assets/javascripts/diary_entry.js b/app/assets/javascripts/diary_entry.js index 625d43a52..bd5fd4dd6 100644 --- a/app/assets/javascripts/diary_entry.js +++ b/app/assets/javascripts/diary_entry.js @@ -2,8 +2,10 @@ $(document).ready(function () { var marker, map; function setLocation(e) { - $("#latitude").val(e.latlng.lat); - $("#longitude").val(e.latlng.lng); + const latlng = e.latlng.wrap(); + + $("#latitude").val(latlng.lat); + $("#longitude").val(latlng.lng); if (marker) { map.removeLayer(marker); diff --git a/app/assets/javascripts/index/new_note.js b/app/assets/javascripts/index/new_note.js index 887ba043b..885d7d2c9 100644 --- a/app/assets/javascripts/index/new_note.js +++ b/app/assets/javascripts/index/new_note.js @@ -5,7 +5,7 @@ OSM.NewNote = function (map) { content = $("#sidebar_content"), page = {}, addNoteButton = $(".control-note .control-button"), - newNote, + newNoteMarker, halo; var noteIcons = { @@ -35,39 +35,21 @@ OSM.NewNote = function (map) { OSM.router.route("/note/new"); }); - function createNote(marker, form, url) { - var location = marker.getLatLng().wrap(); - - marker.options.draggable = false; - marker.dragging.disable(); - - $(form).find("input[type=submit]").prop("disabled", true); - + function createNote(location, text, callback) { $.ajax({ - url: url, + url: "/api/0.6/notes.json", type: "POST", oauth: true, data: { lat: location.lat, lon: location.lng, - text: $(form.text).val() + text }, - success: function (feature) { - noteCreated(feature, marker); - } + success: callback }); - - function noteCreated(feature, marker) { - content.find("textarea").val(""); - updateMarker(feature); - newNote = null; - noteLayer.removeLayer(marker); - addNoteButton.removeClass("active"); - OSM.router.route("/note/" + feature.properties.id); - } } - function updateMarker(feature) { + function addCreatedNoteMarker(feature) { var marker = L.marker(feature.geometry.coordinates.reverse(), { icon: noteIcons[feature.properties.status], opacity: 0.9, @@ -75,38 +57,78 @@ OSM.NewNote = function (map) { }); marker.id = feature.properties.id; marker.addTo(noteLayer); - return marker; } - page.pushstate = page.popstate = function (path) { - OSM.loadSidebarContent(path, function () { - page.load(path); + function addHalo(latlng) { + if (halo) map.removeLayer(halo); + + halo = L.circleMarker(latlng, { + weight: 2.5, + radius: 20, + fillOpacity: 0.5, + color: "#FF6200" }); - }; - function newHalo(loc, a) { - var hasHalo = halo && map.hasLayer(halo); + map.addLayer(halo); + } - if (a === "dragstart" && hasHalo) { - map.removeLayer(halo); - } else { - if (hasHalo) map.removeLayer(halo); + function removeHalo() { + if (halo) map.removeLayer(halo); + halo = null; + } - halo = L.circleMarker(loc, { - weight: 2.5, - radius: 20, - fillOpacity: 0.5, - color: "#FF6200" - }); + function addNewNoteMarker(latlng) { + if (newNoteMarker) map.removeLayer(newNoteMarker); - map.addLayer(halo); - } + newNoteMarker = L.marker(latlng, { + icon: noteIcons.new, + opacity: 0.9, + draggable: true + }); + + newNoteMarker.on("dragstart dragend", function (a) { + removeHalo(); + if (a.type === "dragend") { + addHalo(newNoteMarker.getLatLng()); + } + }); + + newNoteMarker.addTo(map); + addHalo(newNoteMarker.getLatLng()); + + newNoteMarker.on("dragend", function () { + content.find("textarea").focus(); + }); } - page.load = function (path) { - if (addNoteButton.hasClass("disabled")) return; - if (addNoteButton.hasClass("active")) return; + function removeNewNoteMarker() { + removeHalo(); + if (newNoteMarker) map.removeLayer(newNoteMarker); + newNoteMarker = null; + } + + function moveNewNotMarkerToClick(e) { + if (newNoteMarker) newNoteMarker.setLatLng(e.latlng); + if (halo) halo.setLatLng(e.latlng); + content.find("textarea").focus(); + } + + function updateControls() { + const zoomedOut = addNoteButton.hasClass("disabled"); + const withoutText = content.find("textarea").val() === ""; + content.find("#new-note-zoom-warning").prop("hidden", !zoomedOut); + content.find("input[type=submit]").prop("disabled", zoomedOut || withoutText); + if (newNoteMarker) newNoteMarker.setOpacity(zoomedOut ? 0.5 : 0.9); + } + + page.pushstate = page.popstate = function (path) { + OSM.loadSidebarContent(path, function () { + page.load(path); + }); + }; + + page.load = function (path) { addNoteButton.addClass("active"); map.addLayer(noteLayer); @@ -124,44 +146,39 @@ OSM.NewNote = function (map) { padding: [50, 50] }); - newNote = L.marker(markerLatlng, { - icon: noteIcons.new, - opacity: 0.9, - draggable: true - }); - - newNote.on("dragstart dragend", function (a) { - newHalo(newNote.getLatLng(), a.type); - }); - - newNote.addTo(noteLayer); - newHalo(newNote.getLatLng()); - - newNote.on("remove", function () { - addNoteButton.removeClass("active"); - }).on("dragend", function () { - content.find("textarea").focus(); - }); + addNewNoteMarker(markerLatlng); content.find("textarea") - .on("input", disableWhenBlank) + .on("input", updateControls) .focus(); - function disableWhenBlank(e) { - $(e.target.form.add).prop("disabled", $(e.target).val() === ""); - } - content.find("input[type=submit]").on("click", function (e) { + const location = newNoteMarker.getLatLng().wrap(); + const text = content.find("textarea").val(); + e.preventDefault(); - createNote(newNote, e.target.form, "/api/0.6/notes.json"); + $(this).prop("disabled", true); + newNoteMarker.options.draggable = false; + newNoteMarker.dragging.disable(); + + createNote(location, text, (feature) => { + content.find("textarea").val(""); + addCreatedNoteMarker(feature); + OSM.router.route("/note/" + feature.properties.id); + }); }); + map.on("click", moveNewNotMarkerToClick); + addNoteButton.on("disabled enabled", updateControls); + updateControls(); + return map.getState(); }; page.unload = function () { - if (newNote) noteLayer.removeLayer(newNote); - if (halo) map.removeLayer(halo); + map.off("click", moveNewNotMarkerToClick); + addNoteButton.off("disabled enabled", updateControls); + removeNewNoteMarker(); addNoteButton.removeClass("active"); }; diff --git a/app/assets/javascripts/leaflet.note.js b/app/assets/javascripts/leaflet.note.js index 5f8010967..19fc9392c 100644 --- a/app/assets/javascripts/leaflet.note.js +++ b/app/assets/javascripts/leaflet.note.js @@ -14,12 +14,19 @@ L.OSM.note = function (options) { map.on("zoomend", update); function update() { - var disabled = OSM.STATUS === "database_offline" || map.getZoom() < 12; + var wasDisabled = link.hasClass("disabled"), + isDisabled = OSM.STATUS === "database_offline" || map.getZoom() < 12; link - .toggleClass("disabled", disabled) - .attr("data-bs-original-title", I18n.t(disabled ? + .toggleClass("disabled", isDisabled) + .attr("data-bs-original-title", I18n.t(isDisabled ? "javascripts.site.createnote_disabled_tooltip" : "javascripts.site.createnote_tooltip")); + + if (isDisabled && !wasDisabled) { + link.trigger("disabled"); + } else if (wasDisabled && !isDisabled) { + link.trigger("enabled"); + } } update(); diff --git a/app/controllers/api/messages/inboxes_controller.rb b/app/controllers/api/messages/inboxes_controller.rb new file mode 100644 index 000000000..d2d2af785 --- /dev/null +++ b/app/controllers/api/messages/inboxes_controller.rb @@ -0,0 +1,12 @@ +module Api + module Messages + class InboxesController < MailboxesController + def show + @skip_body = true + @messages = Message.includes(:sender, :recipient).where(:to_user_id => current_user.id) + + show_messages + end + end + end +end diff --git a/app/controllers/api/messages/mailboxes_controller.rb b/app/controllers/api/messages/mailboxes_controller.rb new file mode 100644 index 000000000..1a8e1439f --- /dev/null +++ b/app/controllers/api/messages/mailboxes_controller.rb @@ -0,0 +1,43 @@ +module Api + module Messages + class MailboxesController < ApiController + before_action :authorize + + authorize_resource :message + + before_action :set_request_formats + + private + + def show_messages + @messages = @messages.where(:muted => false) + if params[:order].nil? || params[:order] == "newest" + @messages = @messages.where(:id => ..params[:from_id]) unless params[:from_id].nil? + @messages = @messages.order(:id => :desc) + elsif params[:order] == "oldest" + @messages = @messages.where(:id => params[:from_id]..) unless params[:from_id].nil? + @messages = @messages.order(:id => :asc) + else + raise OSM::APIBadUserInput, "Invalid order specified" + end + + limit = params[:limit] + if !limit + limit = Settings.default_message_query_limit + elsif !limit.to_i.positive? || limit.to_i > Settings.max_message_query_limit + raise OSM::APIBadUserInput, "Messages limit must be between 1 and #{Settings.max_message_query_limit}" + else + limit = limit.to_i + end + + @messages = @messages.limit(limit) + + # Render the result + respond_to do |format| + format.xml + format.json + end + end + end + end +end diff --git a/app/controllers/api/messages/outboxes_controller.rb b/app/controllers/api/messages/outboxes_controller.rb new file mode 100644 index 000000000..d36264856 --- /dev/null +++ b/app/controllers/api/messages/outboxes_controller.rb @@ -0,0 +1,12 @@ +module Api + module Messages + class OutboxesController < MailboxesController + def show + @skip_body = true + @messages = Message.includes(:sender, :recipient).where(:from_user_id => current_user.id) + + show_messages + end + end + end +end diff --git a/app/controllers/api/messages_controller.rb b/app/controllers/api/messages_controller.rb index 886922bff..ea5abe8df 100644 --- a/app/controllers/api/messages_controller.rb +++ b/app/controllers/api/messages_controller.rb @@ -5,26 +5,11 @@ module Api before_action :authorize before_action :check_api_writable, :only => [:create, :update, :destroy] - before_action :check_api_readable, :except => [:create, :update, :destroy] authorize_resource before_action :set_request_formats - def inbox - @skip_body = true - @messages = Message.includes(:sender, :recipient).where(:to_user_id => current_user.id) - - show_messages - end - - def outbox - @skip_body = true - @messages = Message.includes(:sender, :recipient).where(:from_user_id => current_user.id) - - show_messages - end - # Dump the details on a message given in params[:id] def show @message = Message.includes(:sender, :recipient).find(params[:id]) @@ -111,37 +96,5 @@ module Api format.json { render :action => :show } end end - - private - - def show_messages - @messages = @messages.where(:muted => false) - if params[:order].nil? || params[:order] == "newest" - @messages = @messages.where(:id => ..params[:from_id]) unless params[:from_id].nil? - @messages = @messages.order(:id => :desc) - elsif params[:order] == "oldest" - @messages = @messages.where(:id => params[:from_id]..) unless params[:from_id].nil? - @messages = @messages.order(:id => :asc) - else - raise OSM::APIBadUserInput, "Invalid order specified" - end - - limit = params[:limit] - if !limit - limit = Settings.default_message_query_limit - elsif !limit.to_i.positive? || limit.to_i > Settings.max_message_query_limit - raise OSM::APIBadUserInput, "Messages limit must be between 1 and #{Settings.max_message_query_limit}" - else - limit = limit.to_i - end - - @messages = @messages.limit(limit) - - # Render the result - respond_to do |format| - format.xml - format.json - end - end end end diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index 17c98fe8b..5a112b3cf 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -65,9 +65,9 @@ class ApiController < ApplicationController def current_ability # Use capabilities from the oauth token if it exists and is a valid access token if doorkeeper_token&.accessible? - ApiAbility.new(nil).merge(ApiCapability.new(doorkeeper_token)) + ApiAbility.new(doorkeeper_token) else - ApiAbility.new(current_user) + ApiAbility.new(nil) end end diff --git a/app/controllers/messages/inboxes_controller.rb b/app/controllers/messages/inboxes_controller.rb new file mode 100644 index 000000000..96ec27c26 --- /dev/null +++ b/app/controllers/messages/inboxes_controller.rb @@ -0,0 +1,8 @@ +module Messages + class InboxesController < MailboxesController + # Display the list of messages that have been sent to the user. + def show + @title = t ".title" + end + end +end diff --git a/app/controllers/messages/mailboxes_controller.rb b/app/controllers/messages/mailboxes_controller.rb new file mode 100644 index 000000000..a0da9f52b --- /dev/null +++ b/app/controllers/messages/mailboxes_controller.rb @@ -0,0 +1,12 @@ +module Messages + class MailboxesController < ApplicationController + layout "site" + + before_action :authorize_web + before_action :set_locale + + authorize_resource :class => Message + + before_action :check_database_readable + end +end diff --git a/app/controllers/messages/muted_inboxes_controller.rb b/app/controllers/messages/muted_inboxes_controller.rb new file mode 100644 index 000000000..2d025cc9a --- /dev/null +++ b/app/controllers/messages/muted_inboxes_controller.rb @@ -0,0 +1,10 @@ +module Messages + class MutedInboxesController < MailboxesController + # Display the list of muted messages received by the user. + def show + @title = t ".title" + + redirect_to messages_inbox_path if current_user.muted_messages.none? + end + end +end diff --git a/app/controllers/messages/outboxes_controller.rb b/app/controllers/messages/outboxes_controller.rb new file mode 100644 index 000000000..f4d0a509c --- /dev/null +++ b/app/controllers/messages/outboxes_controller.rb @@ -0,0 +1,8 @@ +module Messages + class OutboxesController < MailboxesController + # Display the list of messages that the user has sent to other users. + def show + @title = t ".title" + end + end +end diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index 7d86796b1..7162b900a 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -49,7 +49,7 @@ class MessagesController < ApplicationController elsif @message.save flash[:notice] = t ".message_sent" UserMailer.message_notification(@message).deliver_later if @message.notify_recipient? - redirect_to :action => :inbox + redirect_to messages_inbox_path else @title = t "messages.new.title" render :action => "new" @@ -66,7 +66,7 @@ class MessagesController < ApplicationController referer = safe_referer(params[:referer]) if params[:referer] - redirect_to referer || { :action => :inbox }, :status => :see_other + redirect_to referer || messages_inbox_path, :status => :see_other end rescue ActiveRecord::RecordNotFound @title = t "messages.no_such_message.title" @@ -108,23 +108,6 @@ class MessagesController < ApplicationController render :action => "no_such_message", :status => :not_found end - # Display the list of messages that have been sent to the user. - def inbox - @title = t ".title" - end - - # Display the list of messages that the user has sent to other users. - def outbox - @title = t ".title" - end - - # Display the list of muted messages received by the user. - def muted - @title = t ".title" - - redirect_to inbox_messages_path if current_user.muted_messages.none? - end - # Set the message as being read or unread. def mark @message = current_user.messages.unscope(:where => :muted).find(params[:message_id]) @@ -139,9 +122,9 @@ class MessagesController < ApplicationController if @message.save flash[:notice] = notice if @message.muted? - redirect_to muted_messages_path, :status => :see_other + redirect_to messages_muted_inbox_path, :status => :see_other else - redirect_to inbox_messages_path, :status => :see_other + redirect_to messages_inbox_path, :status => :see_other end end rescue ActiveRecord::RecordNotFound @@ -160,9 +143,9 @@ class MessagesController < ApplicationController end if current_user.muted_messages.none? - redirect_to inbox_messages_path + redirect_to messages_inbox_path else - redirect_to muted_messages_path + redirect_to messages_muted_inbox_path end end diff --git a/app/controllers/user_blocks_controller.rb b/app/controllers/user_blocks_controller.rb index 551371794..a526f529e 100644 --- a/app/controllers/user_blocks_controller.rb +++ b/app/controllers/user_blocks_controller.rb @@ -9,11 +9,11 @@ class UserBlocksController < ApplicationController authorize_resource - before_action :lookup_user, :only => [:new, :create, :revoke_all, :blocks_on, :blocks_by] + before_action :lookup_user, :only => [:new, :create] before_action :lookup_user_block, :only => [:show, :edit, :update] before_action :require_valid_params, :only => [:create, :update] before_action :check_database_readable - before_action :check_database_writable, :only => [:create, :update, :revoke_all] + before_action :check_database_writable, :only => [:create, :update] def index @params = params.permit @@ -105,46 +105,6 @@ class UserBlocksController < ApplicationController end end - ## - # revokes all active blocks - def revoke_all - if request.post? && params[:confirm] - @user.blocks.active.each { |block| block.revoke!(current_user) } - flash[:notice] = t ".flash" - redirect_to user_blocks_on_path(@user) - end - end - - ## - # shows a list of all the blocks on the given user - def blocks_on - @params = params.permit(:display_name) - - user_blocks = UserBlock.where(:user => @user) - - @user_blocks, @newer_user_blocks_id, @older_user_blocks_id = get_page_items(user_blocks, :includes => [:user, :creator, :revoker]) - - @show_user_name = false - @show_creator_name = true - - render :partial => "page" if turbo_frame_request_id == "pagination" - end - - ## - # shows a list of all the blocks by the given user. - def blocks_by - @params = params.permit(:display_name) - - user_blocks = UserBlock.where(:creator => @user) - - @user_blocks, @newer_user_blocks_id, @older_user_blocks_id = get_page_items(user_blocks, :includes => [:user, :creator, :revoker]) - - @show_user_name = true - @show_creator_name = false - - render :partial => "page" if turbo_frame_request_id == "pagination" - end - private ## diff --git a/app/controllers/users/issued_blocks_controller.rb b/app/controllers/users/issued_blocks_controller.rb new file mode 100644 index 000000000..b533b5f6d --- /dev/null +++ b/app/controllers/users/issued_blocks_controller.rb @@ -0,0 +1,31 @@ +module Users + class IssuedBlocksController < ApplicationController + include UserMethods + include PaginationMethods + + layout "site" + + before_action :authorize_web + before_action :set_locale + + authorize_resource :class => UserBlock + + before_action :lookup_user + before_action :check_database_readable + + ## + # shows a list of all the blocks by the given user. + def show + @params = params.permit(:user_display_name) + + user_blocks = UserBlock.where(:creator => @user) + + @user_blocks, @newer_user_blocks_id, @older_user_blocks_id = get_page_items(user_blocks, :includes => [:user, :creator, :revoker]) + + @show_user_name = true + @show_creator_name = false + + render :partial => "user_blocks/page" if turbo_frame_request_id == "pagination" + end + end +end diff --git a/app/controllers/users/received_blocks_controller.rb b/app/controllers/users/received_blocks_controller.rb new file mode 100644 index 000000000..6f6cabd26 --- /dev/null +++ b/app/controllers/users/received_blocks_controller.rb @@ -0,0 +1,48 @@ +module Users + class ReceivedBlocksController < ApplicationController + include UserMethods + include PaginationMethods + + layout "site" + + before_action :authorize_web + before_action :set_locale + + authorize_resource :class => UserBlock + + before_action :lookup_user + before_action :check_database_readable + before_action :check_database_writable, :only => :destroy + + ## + # shows a list of all the blocks on the given user + def show + @params = params.permit(:user_display_name) + + user_blocks = UserBlock.where(:user => @user) + + @user_blocks, @newer_user_blocks_id, @older_user_blocks_id = get_page_items(user_blocks, :includes => [:user, :creator, :revoker]) + + @show_user_name = false + @show_creator_name = true + + render :partial => "user_blocks/page" if turbo_frame_request_id == "pagination" + end + + ## + # shows revoke all active blocks page + def edit; end + + ## + # revokes all active blocks + def destroy + if params[:confirm] + @user.blocks.active.each { |block| block.revoke!(current_user) } + flash[:notice] = t ".flash" + redirect_to user_received_blocks_path(@user) + else + render :action => :edit + end + end + end +end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 471215c92..fa311ab39 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -77,7 +77,24 @@ class UsersController < ApplicationController render :action => "new" else # Save the user record - save_new_user params[:email_hmac], params[:referer] + if save_new_user params[:email_hmac] + SIGNUP_IP_LIMITER&.update(request.remote_ip) + SIGNUP_EMAIL_LIMITER&.update(canonical_email(current_user.email)) + + flash[:matomo_goal] = Settings.matomo["goals"]["signup"] if defined?(Settings.matomo) + + referer = welcome_path(welcome_options(params[:referer])) + + if current_user.status == "active" + successful_login(current_user, referer) + else + session[:pending_user] = current_user.id + UserMailer.signup_confirm(current_user, current_user.generate_token_for(:new_user), referer).deliver_later + redirect_to :controller => :confirmations, :action => :confirm, :display_name => current_user.display_name + end + else + render :action => "new", :referer => params[:referer] + end end end end @@ -238,7 +255,7 @@ class UsersController < ApplicationController private - def save_new_user(email_hmac, referer = nil) + def save_new_user(email_hmac) current_user.data_public = true current_user.description = "" if current_user.description.nil? current_user.creation_address = request.remote_ip @@ -254,24 +271,7 @@ class UsersController < ApplicationController current_user.activate end - if current_user.save - SIGNUP_IP_LIMITER&.update(request.remote_ip) - SIGNUP_EMAIL_LIMITER&.update(canonical_email(current_user.email)) - - flash[:matomo_goal] = Settings.matomo["goals"]["signup"] if defined?(Settings.matomo) - - referer = welcome_path(welcome_options(referer)) - - if current_user.status == "active" - successful_login(current_user, referer) - else - session[:pending_user] = current_user.id - UserMailer.signup_confirm(current_user, current_user.generate_token_for(:new_user), referer).deliver_later - redirect_to :controller => :confirmations, :action => :confirm, :display_name => current_user.display_name - end - else - render :action => "new", :referer => params[:referer] - end + current_user.save end def welcome_options(referer = nil) diff --git a/app/views/api/messages/inbox.json.jbuilder b/app/views/api/messages/inbox.json.jbuilder deleted file mode 100644 index 122a82495..000000000 --- a/app/views/api/messages/inbox.json.jbuilder +++ /dev/null @@ -1,5 +0,0 @@ -json.partial! "api/root_attributes" - -json.messages do - json.array! @messages, :partial => "message", :as => :message -end diff --git a/app/views/api/messages/inbox.xml.builder b/app/views/api/messages/inbox.xml.builder deleted file mode 100644 index 0ef9003a9..000000000 --- a/app/views/api/messages/inbox.xml.builder +++ /dev/null @@ -1,7 +0,0 @@ -xml.instruct! - -xml.osm(OSM::API.new.xml_root_attributes) do |osm| - xml.tag! "messages" do - osm << (render(@messages) || "") - end -end diff --git a/app/views/api/messages/mailboxes/show.json.jbuilder b/app/views/api/messages/mailboxes/show.json.jbuilder new file mode 100644 index 000000000..c96e710d4 --- /dev/null +++ b/app/views/api/messages/mailboxes/show.json.jbuilder @@ -0,0 +1,5 @@ +json.partial! "api/root_attributes" + +json.messages do + json.array! @messages, :partial => "api/messages/message", :as => :message +end diff --git a/app/views/api/messages/mailboxes/show.xml.builder b/app/views/api/messages/mailboxes/show.xml.builder new file mode 100644 index 000000000..94aa32fc7 --- /dev/null +++ b/app/views/api/messages/mailboxes/show.xml.builder @@ -0,0 +1,5 @@ +xml.instruct! + +xml.osm(OSM::API.new.xml_root_attributes) do |osm| + osm << (render(:partial => "api/messages/message", :collection => @messages) || "") +end diff --git a/app/views/api/messages/outbox.json.jbuilder b/app/views/api/messages/outbox.json.jbuilder deleted file mode 100644 index 122a82495..000000000 --- a/app/views/api/messages/outbox.json.jbuilder +++ /dev/null @@ -1,5 +0,0 @@ -json.partial! "api/root_attributes" - -json.messages do - json.array! @messages, :partial => "message", :as => :message -end diff --git a/app/views/api/messages/outbox.xml.builder b/app/views/api/messages/outbox.xml.builder deleted file mode 100644 index 440e3429b..000000000 --- a/app/views/api/messages/outbox.xml.builder +++ /dev/null @@ -1,5 +0,0 @@ -xml.instruct! - -xml.osm(OSM::API.new.xml_root_attributes) do |osm| - osm << (render(@messages) || "") -end diff --git a/app/views/confirmations/confirm.html.erb b/app/views/confirmations/confirm.html.erb index 4f98a8539..08dea27b6 100644 --- a/app/views/confirmations/confirm.html.erb +++ b/app/views/confirmations/confirm.html.erb @@ -28,7 +28,9 @@

- <%= t ".resend_html", - :reconfirm_link => link_to(t(".click_here"), url_for(:action => "confirm_resend")) %> + <%= t ".if_need_resend" %>

+ <%= bootstrap_form_tag :url => url_for(:action => "confirm_resend") do |f| %> + <%= f.submit t(".resend_button"), :class => "btn btn-outline-primary" %> + <% end %> <% end %> diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb index 190ea44e5..322b738ec 100644 --- a/app/views/layouts/_header.html.erb +++ b/app/views/layouts/_header.html.erb @@ -96,7 +96,7 @@