def authorize_web
if session[:user]
- @user = User.find(session[:user], :conditions => {:visible => true})
+ @user = User.find(session[:user], :conditions => {:status => ["active", "confirmed", "suspended"]})
+
+ if @user.status == "suspended"
+ session[:user] = nil
+ session_expires_automatically
+
+ redirect_to :controller => "user", :action => "suspended"
+ end
elsif session[:token]
@user = User.authenticate(:token => session[:token])
session[:user] = @user.id
report_error message, :bad_request
rescue OSM::APIError => ex
report_error ex.message, ex.status
+ rescue ActionController::UnknownAction => ex
+ raise
rescue Exception => ex
logger.info("API threw unexpected #{ex.class} exception: #{ex.message}")
ex.backtrace.each { |l| logger.info(l) }
raise OSM::APIBadMethodError.new(method) unless ok
end
+ ##
+ # wrap an api call in a timeout
def api_call_timeout
- Timeout::timeout(APP_CONFIG['api_timeout'], OSM::APITimeoutError) do
+ SystemTimer.timeout_after(APP_CONFIG['api_timeout']) do
yield
end
+ rescue Timeout::Error
+ raise OSM::APITimeoutError
+ end
+
+ ##
+ # wrap a web page in a timeout
+ def web_timeout
+ SystemTimer.timeout_after(APP_CONFIG['web_timeout']) do
+ yield
+ end
+ rescue ActionView::TemplateError => ex
+ if ex.original_exception.is_a?(Timeout::Error)
+ render :action => "timeout"
+ else
+ raise
+ end
+ rescue Timeout::Error
+ render :action => "timeout"
end
##
cache_path = options[:cache_path] || Hash.new
options[:cache_path] = Proc.new do |controller|
- user = controller.instance_variable_get("@user")
-
- case
- when user.nil? then user = :none
- when user.display_name == controller.params[:display_name] then user = :self
- else user = :other
- end
-
- cache_path.merge(controller.params).merge(:locale => I18n.locale, :user => user)
+ cache_path.merge(controller.params).merge(:locale => I18n.locale)
end
actions.push(options)
##
# extend expire_action to expire all variants
def expire_action(options = {})
- path = fragment_cache_key(options).gsub('?', '.').gsub(':', '.')
+ path = ActionCachePath.path_for(self, options, false).gsub('?', '.').gsub(':', '.')
expire_fragment(Regexp.new(Regexp.escape(path) + "\\..*"))
end
+ ##
+ # is the requestor logged in?
+ def logged_in?
+ !@user.nil?
+ end
+
private
# extract authorisation credentials from headers, returns user = nil if none