rescue_from RailsParam::InvalidParameterError, :with => :invalid_parameter
- before_action :fetch_body
+ after_action :close_body
attr_accessor :current_user, :oauth_token
private
- def authorize_web
+ def authorize_web(skip_terms: false)
if session[:user]
self.current_user = User.find_by(:id => session[:user], :status => %w[active confirmed suspended])
# don't allow access to any auth-requiring part of the site unless
# the new CTs have been seen (and accept/decline chosen).
- elsif !current_user.terms_seen && flash[:skip_terms].nil?
+ elsif !current_user.terms_seen && !skip_terms
flash[:notice] = t "accounts.terms.show.you need to accept or decline"
if params[:referer]
redirect_to account_terms_path(:referer => params[:referer])
#
# https://issues.apache.org/bugzilla/show_bug.cgi?id=44782
#
- # To work round this we call rewind on the body here, which is added
- # as a filter, to force it to be fetched from Apache into a file.
- def fetch_body
- request.body.rewind
+ # To work round this we call close on the body here, which is added
+ # as a filter, to let Apache know we are done with it.
+ def close_body
+ request.body&.close
end
def map_layout
request.content_security_policy = policy
- case Settings.status
- when "database_offline", "api_offline"
- flash.now[:warning] = t("layouts.osm_offline")
- when "database_readonly", "api_readonly"
- flash.now[:warning] = t("layouts.osm_read_only")
- end
+ flash.now[:warning] = { :partial => "layouts/offline_flash" } unless api_status == "online"
request.xhr? ? "xhr" : "map"
end
end
def deny_access(_exception)
- if doorkeeper_token
- set_locale
- report_error t("oauth.permissions.missing"), :forbidden
- elsif current_user
+ if current_user
set_locale
respond_to do |format|
format.html { redirect_to :controller => "/errors", :action => "forbidden" }
referer&.to_s
end
-
- def scope_enabled?(scope)
- doorkeeper_token&.includes_scope?(scope)
- end
-
- helper_method :scope_enabled?
end
projects / rails.git / blobdiff