X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/fcddf920a395011ff67fe43fe3e8440254835513..57938f78c7a5f3643560565e98f4e9d2b31aa40b:/app/controllers/user_controller.rb

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index bfb0ef83b..b61579d92 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -1,20 +1,22 @@
 class UserController < ApplicationController
   layout :choose_layout
 
-  skip_before_filter :verify_authenticity_token, :only => [:api_details, :api_gpx_files]
+  skip_before_filter :verify_authenticity_token, :only => [:api_read, :api_details, :api_gpx_files]
   before_filter :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details]
   before_filter :authorize, :only => [:api_details, :api_gpx_files]
-  before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
-  before_filter :set_locale, :except => [:api_details, :api_gpx_files]
+  before_filter :authorize_web, :except => [:api_read, :api_details, :api_gpx_files]
+  before_filter :set_locale, :except => [:api_read, :api_details, :api_gpx_files]
   before_filter :require_user, :only => [:account, :go_public, :make_friend, :remove_friend]
-  before_filter :check_database_readable, :except => [:login, :api_details, :api_gpx_files]
+  before_filter :check_database_readable, :except => [:login, :api_read, :api_details, :api_gpx_files]
   before_filter :check_database_writable, :only => [:new, :account, :confirm, :confirm_email, :lost_password, :reset_password, :go_public, :make_friend, :remove_friend]
-  before_filter :check_api_readable, :only => [:api_details, :api_gpx_files]
+  before_filter :check_api_readable, :only => [:api_read, :api_details, :api_gpx_files]
   before_filter :require_allow_read_prefs, :only => [:api_details]
   before_filter :require_allow_read_gpx, :only => [:api_gpx_files]
   before_filter :require_cookies, :only => [:login, :confirm]
   before_filter :require_administrator, :only => [:set_status, :delete, :list]
-  before_filter :lookup_this_user, :only => [:set_status, :delete]
+  around_filter :api_call_handle_error, :only => [:api_read, :api_details, :api_gpx_files]
+  before_filter :lookup_user_by_id, :only => [:api_read]
+  before_filter :lookup_user_by_name, :only => [:set_status, :delete]
 
   cache_sweeper :user_sweeper, :only => [:account, :set_status, :delete]
 
@@ -49,8 +51,8 @@ class UserController < ApplicationController
       if params[:user] and params[:user][:openid_url] and @user.pass_crypt.empty?
         # We are creating an account with OpenID and no password
         # was specified so create a random one
-        @user.pass_crypt = SecureRandom.base64(16) 
-        @user.pass_crypt_confirmation = @user.pass_crypt 
+        @user.pass_crypt = SecureRandom.base64(16)
+        @user.pass_crypt_confirmation = @user.pass_crypt
       end
 
       if @user
@@ -125,7 +127,7 @@ class UserController < ApplicationController
       @user.terms_agreed = Time.now.getutc
       @user.terms_seen = true
       @user.openid_url = nil if @user.openid_url and @user.openid_url.empty?
-      
+
       if @user.save
         flash[:piwik_goal] = PIWIK_SIGNUP_GOAL if defined?(PIWIK_SIGNUP_GOAL)
         flash[:notice] = t 'user.new.flash create success message', :email => @user.email
@@ -297,7 +299,7 @@ class UserController < ApplicationController
           referer = token.referer
           token.destroy
 
-          if session[:token] 
+          if session[:token]
             token = UserToken.find_by_token(session[:token])
             session.delete(:token)
           else
@@ -373,6 +375,15 @@ class UserController < ApplicationController
     end
   end
 
+  def api_read
+    render :nothing => true, :status => :gone unless @this_user.visible?
+  end
+
+  def api_details
+    @this_user = @user
+    render :action => :api_read
+  end
+
   def api_gpx_files
     doc = OSM::API.new.get_xml_doc
     @user.traces.each do |trace|
@@ -592,7 +603,7 @@ private
     else
       return openid_url
     end
-  end  
+  end
 
   ##
   # process a successful login
@@ -652,8 +663,15 @@ private
     user.languages = params[:user][:languages].split(",")
 
     case params[:image_action]
-    when "new" then user.image = params[:user][:image]
-    when "delete" then user.image = nil
+    when "new" then
+      user.image = params[:user][:image]
+      user.image_use_gravatar = false
+    when "delete" then
+      user.image = nil
+      user.image_use_gravatar = false
+    when "gravatar" then
+      user.image = nil
+      user.image_use_gravatar = true
     end
 
     user.home_lat = params[:user][:home_lat]
@@ -714,7 +732,13 @@ private
 
   ##
   # ensure that there is a "this_user" instance variable
-  def lookup_this_user
+  def lookup_user_by_id
+    @this_user = User.find(params[:id])
+  end
+
+  ##
+  # ensure that there is a "this_user" instance variable
+  def lookup_user_by_name
     @this_user = User.find_by_display_name(params[:display_name])
   rescue ActiveRecord::RecordNotFound
     redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] unless @this_user
@@ -738,7 +762,7 @@ private
   ##
   #
   def disable_terms_redirect
-    # this is necessary otherwise going to the user terms page, when 
+    # this is necessary otherwise going to the user terms page, when
     # having not agreed already would cause an infinite redirect loop.
     # it's .now so that this doesn't propagate to other pages.
     flash.now[:skip_terms] = true