X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/5a54630b572d222b0abea05f3e19e1b1951f0aee..b3d92954d3ecfa01555bd621960e17f29d76d8d9:/app/controllers/user_controller.rb diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 839c94e3a..b9cca0cf6 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -11,18 +11,54 @@ class UserController < ApplicationController before_filter :require_allow_read_prefs, :only => [:api_details] before_filter :require_allow_read_gpx, :only => [:api_gpx_files] before_filter :require_cookies, :only => [:login, :confirm] - before_filter :require_administrator, :only => [:activate, :deactivate, :confirm, :hide, :unhide, :delete] - before_filter :lookup_this_user, :only => [:activate, :deactivate, :confirm, :hide, :unhide, :delete] + before_filter :require_administrator, :only => [:set_status, :delete, :list] + before_filter :lookup_this_user, :only => [:set_status, :delete] filter_parameter_logging :password, :pass_crypt, :pass_crypt_confirmation - cache_sweeper :user_sweeper, :only => [:account, :hide, :unhide, :delete] + cache_sweeper :user_sweeper, :only => [:account, :set_status, :delete], :unless => STATUS == :database_offline + + def terms + @legale = params[:legale] || OSM.IPToCountry(request.remote_ip) || DEFAULT_LEGALE + @text = OSM.legal_text_for_country(@legale) + + if request.xhr? + render :update do |page| + page.replace_html "contributorTerms", :partial => "terms", :locals => { :has_decline => params[:has_decline] } + end + else + @title = t 'user.terms.title' + @user = User.new(params[:user]) if params[:user] + + if @user + if @user.invalid? + render :action => :new + elsif @user.terms_agreed? + redirect_to :action => :account, :display_name => @user.display_name + end + else + redirect_to :action => :login, :referer => request.request_uri + end + end + end def save @title = t 'user.new.title' if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"}) render :action => 'new' + elsif params[:decline] + redirect_to t('user.terms.declined') + elsif @user + if !@user.terms_agreed? + @user.consider_pd = params[:user][:consider_pd] + @user.terms_agreed = Time.now.getutc + if @user.save + flash[:notice] = t 'user.new.terms accepted' + end + end + + redirect_to :action => :account, :display_name => @user.display_name else @user = User.new(params[:user]) @@ -31,6 +67,7 @@ class UserController < ApplicationController @user.description = "" if @user.description.nil? @user.creation_ip = request.remote_ip @user.languages = request.user_preferred_languages + @user.terms_agreed = Time.now.getutc if @user.save flash[:notice] = t 'user.new.flash create success message' @@ -70,9 +107,9 @@ class UserController < ApplicationController set_locale if @user.new_email.nil? or @user.new_email.empty? - flash.now[:notice] = t 'user.account.flash update success' + flash[:notice] = t 'user.account.flash update success' else - flash.now[:notice] = t 'user.account.flash update success confirm needed' + flash[:notice] = t 'user.account.flash update success confirm needed' begin Notifier.deliver_email_confirm(@user, @user.tokens.create) @@ -80,6 +117,8 @@ class UserController < ApplicationController # Ignore errors sending email end end + + redirect_to :action => "account", :display_name => @user.display_name end else if flash[:errors] @@ -127,7 +166,7 @@ class UserController < ApplicationController if params[:user] @user.pass_crypt = params[:user][:pass_crypt] @user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation] - @user.status = "active" + @user.status = "active" if @user.status == "pending" @user.email_valid = true if @user.save @@ -167,17 +206,22 @@ class UserController < ApplicationController # them to that unless they've also got a block on them, in # which case redirect them to the block so they can clear it. if user.blocked_on_view - redirect_to user.blocked_on_view, :referrer => params[:referrer] + redirect_to user.blocked_on_view, :referer => params[:referer] elsif params[:referer] redirect_to params[:referer] else redirect_to :controller => 'site', :action => 'index' end - elsif User.authenticate(:username => email_or_display_name, :password => pass, :inactive => true) + elsif User.authenticate(:username => email_or_display_name, :password => pass, :pending => true) flash.now[:error] = t 'user.login.account not active' + elsif User.authenticate(:username => email_or_display_name, :password => pass, :suspended => true) + webmaster = link_to t('user.login.webmaster'), "mailto:webmaster@openstreetmap.org" + flash.now[:error] = t 'user.login.account suspended', :webmaster => webmaster else flash.now[:error] = t 'user.login.auth failure' end + else + flash.now[:notice] = t 'user.login.notice' end end @@ -314,54 +358,57 @@ class UserController < ApplicationController end ## - # activate a user, allowing them to log in - def activate - @this_user.update_attributes(:status => "active") + # sets a user's status + def set_status + @this_user.update_attributes(:status => params[:status]) redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] end ## - # deactivate a user, preventing them from logging in - def deactivate - @this_user.update_attributes(:status => "pending") + # delete a user, marking them as deleted and removing personal data + def delete + @this_user.delete redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] end ## - # confirm a user, overriding any suspension triggered by spam scoring - def confirm - @this_user.update_attributes(:status => "confirmed") - redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] - end + # display a list of users matching specified criteria + def list + if request.post? + ids = params[:user].keys.collect { |id| id.to_i } - ## - # hide a user, marking them as logically deleted - def hide - @this_user.update_attributes(:status => "deleted") - redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] - end + User.update_all("status = 'confirmed'", :id => ids) if params[:confirm] + User.update_all("status = 'deleted'", :id => ids) if params[:hide] - ## - # unhide a user, clearing the logically deleted flag - def unhide - @this_user.update_attributes(:status => "active") - redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] + redirect_to url_for(:status => params[:status], :ip => params[:ip], :page => params[:page]) + else + conditions = Hash.new + conditions[:status] = params[:status] if params[:status] + conditions[:creation_ip] = params[:ip] if params[:ip] + + @user_pages, @users = paginate(:users, + :conditions => conditions, + :order => :id, + :per_page => 50) + end end - ## - # delete a user, marking them as deleted and removing personal data - def delete - @this_user.delete - redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] - end private + ## # require that the user is a administrator, or fill out a helpful error message # and return them to the user page. def require_administrator - unless @user.administrator? + if @user and not @user.administrator? flash[:error] = t('user.filter.not_an_administrator') - redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] + + if params[:display_name] + redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] + else + redirect_to :controller => 'user', :action => 'login', :referer => request.request_uri + end + elsif not @user + redirect_to :controller => 'user', :action => 'login', :referer => request.request_uri end end