]> git.openstreetmap.org Git - rails.git/commitdiff
projects / rails.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 2: 389095d)
Merge remote-tracking branch 'upstream/pull/1603'
authorTom Hughes <tom@compton.nu>
Wed, 2 Aug 2017 14:02:39 +0000 (15:02 +0100)
committerTom Hughes <tom@compton.nu>
Wed, 2 Aug 2017 14:02:39 +0000 (15:02 +0100)
40 files changed:
Gemfile patch | blob | history
Gemfile.lock patch | blob | history
app/controllers/application_controller.rb patch | blob | history
app/controllers/user_controller.rb patch | blob | history
app/helpers/application_helper.rb patch | blob | history
app/helpers/user_roles_helper.rb patch | blob | history
app/views/browse/changeset.html.erb patch | blob | history
app/views/changeset/history.html.erb patch | blob | history
app/views/changeset/list.atom.builder patch | blob | history
app/views/diary_entry/view.html.erb patch | blob | history
app/views/layouts/_header.html.erb patch | blob | history
app/views/layouts/_inbox.html.erb patch | blob | history
app/views/layouts/map.html.erb patch | blob | history
app/views/message/_message_count.html.erb patch | blob | history
app/views/message/inbox.html.erb patch | blob | history
app/views/message/new.html.erb patch | blob | history
app/views/message/outbox.html.erb patch | blob | history
app/views/message/read.html.erb patch | blob | history
app/views/oauth/authorize.html.erb patch | blob | history
app/views/redactions/show.html.erb patch | blob | history
app/views/site/_potlatch.html.erb patch | blob | history
app/views/site/_potlatch2.html.erb patch | blob | history
app/views/site/edit.html.erb patch | blob | history
app/views/site/help.html.erb patch | blob | history
app/views/site/id.html.erb patch | blob | history
app/views/user/_contact.html.erb patch | blob | history
app/views/user/account.html.erb patch | blob | history
app/views/user/api_read.builder patch | blob | history
app/views/user/new.html.erb patch | blob | history
app/views/user/reset_password.html.erb patch | blob | history
app/views/user/view.html.erb patch | blob | history
app/views/user_blocks/_block.html.erb patch | blob | history
app/views/user_blocks/blocks_by.html.erb patch | blob | history
app/views/user_blocks/blocks_on.html.erb patch | blob | history
app/views/user_blocks/index.html.erb patch | blob | history
app/views/user_blocks/show.html.erb patch | blob | history
test/controllers/user_controller_test.rb patch | blob | history
test/helpers/application_helper_test.rb patch | blob | history
test/helpers/user_roles_helper_test.rb patch | blob | history
test/integration/cors_test.rb patch | blob | history

diff --git a/Gemfile b/Gemfile
index baa1dcc04985ae87cdc921306368f44633692574..48658f65d371f1097f440d0dee50e35baa8dc6d3 100644 (file)
--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,7 @@
 source "https://rubygems.org"
 
 # Require rails
-gem "rails", "5.0.4"
+gem "rails", "5.0.5"
 
 # Require things which have moved to gems in ruby 1.9
 gem "bigdecimal", "~> 1.1.0", :platforms => :ruby_19
diff --git a/Gemfile.lock b/Gemfile.lock
index 9b79e9ca14db7d80ba66ee285a570a9d5031f097..f73d4a5d8b578ba4ce393d4ff5e8a8a05c3433e5 100644 (file)
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -2,41 +2,41 @@ GEM
   remote: https://rubygems.org/
   specs:
     SystemTimer (1.2.3)
-    actioncable (5.0.4)
-      actionpack (= 5.0.4)
+    actioncable (5.0.5)
+      actionpack (= 5.0.5)
       nio4r (>= 1.2, < 3.0)
       websocket-driver (~> 0.6.1)
-    actionmailer (5.0.4)
-      actionpack (= 5.0.4)
-      actionview (= 5.0.4)
-      activejob (= 5.0.4)
+    actionmailer (5.0.5)
+      actionpack (= 5.0.5)
+      actionview (= 5.0.5)
+      activejob (= 5.0.5)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.0.4)
-      actionview (= 5.0.4)
-      activesupport (= 5.0.4)
+    actionpack (5.0.5)
+      actionview (= 5.0.5)
+      activesupport (= 5.0.5)
       rack (~> 2.0)
       rack-test (~> 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
     actionpack-page_caching (1.1.0)
       actionpack (>= 4.0.0, < 6)
-    actionview (5.0.4)
-      activesupport (= 5.0.4)
+    actionview (5.0.5)
+      activesupport (= 5.0.5)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.0.4)
-      activesupport (= 5.0.4)
+    activejob (5.0.5)
+      activesupport (= 5.0.5)
       globalid (>= 0.3.6)
-    activemodel (5.0.4)
-      activesupport (= 5.0.4)
-    activerecord (5.0.4)
-      activemodel (= 5.0.4)
-      activesupport (= 5.0.4)
+    activemodel (5.0.5)
+      activesupport (= 5.0.5)
+    activerecord (5.0.5)
+      activemodel (= 5.0.5)
+      activesupport (= 5.0.5)
       arel (~> 7.0)
-    activesupport (5.0.4)
+    activesupport (5.0.5)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (~> 0.7)
       minitest (~> 5.1)
@@ -45,13 +45,13 @@ GEM
       public_suffix (~> 2.0, >= 2.0.2)
     arel (7.1.4)
     ast (2.3.0)
-    autoprefixer-rails (7.1.1.2)
+    autoprefixer-rails (7.1.2.3)
       execjs
     bigdecimal (1.1.0)
     builder (3.2.3)
-    canonical-rails (0.2.0)
+    canonical-rails (0.2.1)
       rails (>= 4.1, < 5.2)
-    capybara (2.14.3)
+    capybara (2.14.4)
       addressable
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
@@ -87,13 +87,13 @@ GEM
     dynamic_form (1.1.4)
     erubis (2.7.0)
     execjs (2.7.0)
-    exifr (1.2.5)
+    exifr (1.3.1)
     factory_girl (4.8.0)
       activesupport (>= 3.0.0)
     factory_girl_rails (4.8.0)
       factory_girl (~> 4.8.0)
       railties (>= 3.0.0)
-    faraday (0.12.1)
+    faraday (0.12.2)
       multipart-post (>= 1.2, < 3)
     ffi (1.9.18)
     fspath (3.1.0)
@@ -101,20 +101,20 @@ GEM
     globalid (0.4.0)
       activesupport (>= 4.2.0)
     hashdiff (0.3.4)
-    hashie (3.5.5)
+    hashie (3.5.6)
     htmlentities (4.3.4)
     http_accept_language (2.0.5)
-    i18n (0.8.4)
+    i18n (0.8.6)
     i18n-js (3.0.0)
       i18n (~> 0.6, >= 0.6.6)
-    image_optim (0.24.3)
+    image_optim (0.25.0)
       exifr (~> 1.2, >= 1.2.2)
       fspath (~> 3.0)
       image_size (~> 1.5)
       in_threads (~> 1.3)
       progress (~> 3.0, >= 3.0.1)
-    image_optim_rails (0.4.0)
-      image_optim (~> 0.24.0)
+    image_optim_rails (0.4.1)
+      image_optim (~> 0.24)
       rails
       sprockets
     image_size (1.5.0)
@@ -156,7 +156,7 @@ GEM
     mime-types-data (3.2016.0521)
     mimemagic (0.3.0)
     mini_portile2 (2.2.0)
-    minitest (5.10.2)
+    minitest (5.10.3)
     multi_json (1.12.1)
     multi_xml (0.6.0)
     multipart-post (2.0.0)
@@ -185,7 +185,7 @@ GEM
     omniauth-github (1.3.0)
       omniauth (~> 1.5)
       omniauth-oauth2 (>= 1.4.0, < 2.0)
-    omniauth-google-oauth2 (0.5.0)
+    omniauth-google-oauth2 (0.5.2)
       jwt (~> 1.5)
       multi_json (~> 1.3)
       omniauth (>= 1.1.1)
@@ -211,7 +211,7 @@ GEM
       cocaine (~> 0.5.5)
       mime-types
       mimemagic (= 0.3.0)
-    parallel (1.11.2)
+    parallel (1.12.0)
     parser (2.4.0.0)
       ast (~> 2.2)
     pg (0.21.0)
@@ -223,26 +223,26 @@ GEM
     progress (3.3.1)
     psych (2.2.4)
     public_suffix (2.0.5)
-    r2 (0.2.6)
+    r2 (0.2.7)
     rack (2.0.3)
-    rack-cors (0.4.1)
+    rack-cors (1.0.1)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
     rack-test (0.6.3)
       rack (>= 1.0)
     rack-uri_sanitizer (0.0.2)
-    rails (5.0.4)
-      actioncable (= 5.0.4)
-      actionmailer (= 5.0.4)
-      actionpack (= 5.0.4)
-      actionview (= 5.0.4)
-      activejob (= 5.0.4)
-      activemodel (= 5.0.4)
-      activerecord (= 5.0.4)
-      activesupport (= 5.0.4)
-      bundler (>= 1.3.0, < 2.0)
-      railties (= 5.0.4)
+    rails (5.0.5)
+      actioncable (= 5.0.5)
+      actionmailer (= 5.0.5)
+      actionpack (= 5.0.5)
+      actionview (= 5.0.5)
+      activejob (= 5.0.5)
+      activemodel (= 5.0.5)
+      activerecord (= 5.0.5)
+      activesupport (= 5.0.5)
+      bundler (>= 1.3.0)
+      railties (= 5.0.5)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.2)
       actionpack (~> 5.x, >= 5.0.1)
@@ -256,16 +256,16 @@ GEM
     rails-i18n (4.0.2)
       i18n (~> 0.6)
       rails (>= 4.0)
-    railties (5.0.4)
-      actionpack (= 5.0.4)
-      activesupport (= 5.0.4)
+    railties (5.0.5)
+      actionpack (= 5.0.5)
+      activesupport (= 5.0.5)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rainbow (2.2.2)
       rake
     rake (12.0.0)
-    rb-fsevent (0.9.8)
+    rb-fsevent (0.10.2)
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
     record_tag_helper (1.0.0)
@@ -290,14 +290,18 @@ GEM
       crass (~> 1.0.2)
       nokogiri (>= 1.4.4)
       nokogumbo (~> 1.4.1)
-    sass (3.4.24)
+    sass (3.5.1)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
     sass-rails (5.0.6)
       railties (>= 4.0.0, < 6)
       sass (~> 3.1)
       sprockets (>= 2.8, < 4.0)
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
-    secure_headers (3.6.5)
+    secure_headers (3.6.7)
       useragent
     simplecov (0.14.1)
       docile (~> 1.1.0)
@@ -318,8 +322,8 @@ GEM
       ref
     thor (0.19.4)
     thread_safe (0.3.6)
-    tilt (2.0.7)
-    tins (1.14.0)
+    tilt (2.0.8)
+    tins (1.15.0)
     tzinfo (1.2.3)
       thread_safe (~> 0.1)
     uglifier (3.2.0)
@@ -385,7 +389,7 @@ DEPENDENCIES
   r2
   rack-cors
   rack-uri_sanitizer
-  rails (= 5.0.4)
+  rails (= 5.0.5)
   rails-controller-testing
   rails-i18n (~> 4.0.0)
   record_tag_helper
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 534b37058d190e93884928a8f7402c35189d3143..68fc4338ee7a90d66b28d280faeee3be9bd90208 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,11 +5,14 @@ class ApplicationController < ActionController::Base
 
   before_action :fetch_body
 
+  attr_accessor :current_user
+  helper_method :current_user
+
   def authorize_web
     if session[:user]
-      @user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
+      self.current_user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
 
-      if @user.status == "suspended"
+      if current_user.status == "suspended"
         session.delete(:user)
         session_expires_automatically
 
@@ -17,7 +20,7 @@ class ApplicationController < ActionController::Base
 
       # don't allow access to any auth-requiring part of the site unless
       # the new CTs have been seen (and accept/decline chosen).
-      elsif !@user.terms_seen && flash[:skip_terms].nil?
+      elsif !current_user.terms_seen && flash[:skip_terms].nil?
         flash[:notice] = t "user.terms.you need to accept or decline"
         if params[:referer]
           redirect_to :controller => "user", :action => "terms", :referer => params[:referer]
@@ -26,18 +29,18 @@ class ApplicationController < ActionController::Base
         end
       end
     elsif session[:token]
-      if @user = User.authenticate(:token => session[:token])
-        session[:user] = @user.id
+      if self.current_user = User.authenticate(:token => session[:token])
+        session[:user] = current_user.id
       end
     end
   rescue StandardError => ex
     logger.info("Exception authorizing user: #{ex}")
     reset_session
-    @user = nil
+    self.current_user = nil
   end
 
   def require_user
-    unless @user
+    unless current_user
       if request.get?
         redirect_to :controller => "user", :action => "login", :referer => request.fullpath
       else
@@ -47,7 +50,7 @@ class ApplicationController < ActionController::Base
   end
 
   def require_oauth
-    @oauth = @user.access_token(OAUTH_KEY) if @user && defined? OAUTH_KEY
+    @oauth = current_user.access_token(OAUTH_KEY) if current_user && defined? OAUTH_KEY
   end
 
   ##
@@ -100,7 +103,7 @@ class ApplicationController < ActionController::Base
   def require_allow_write_api
     require_capability(:allow_write_api)
 
-    if REQUIRE_TERMS_AGREED && @user.terms_agreed.nil?
+    if REQUIRE_TERMS_AGREED && current_user.terms_agreed.nil?
       report_error "You must accept the contributor terms before you can edit.", :forbidden
       return false
     end
@@ -122,7 +125,7 @@ class ApplicationController < ActionController::Base
   # require that the user is a moderator, or fill out a helpful error message
   # and return them to the index for the controller this is wrapped from.
   def require_moderator
-    unless @user.moderator?
+    unless current_user.moderator?
       if request.get?
         flash[:error] = t("application.require_moderator.not_a_moderator")
         redirect_to :action => "index"
@@ -133,7 +136,7 @@ class ApplicationController < ActionController::Base
   end
 
   ##
-  # sets up the @user object for use by other methods. this is mostly called
+  # sets up the current_user for use by other methods. this is mostly called
   # from the authorize method, but can be called elsewhere if authorisation
   # is optional.
   def setup_user_auth
@@ -141,19 +144,19 @@ class ApplicationController < ActionController::Base
     unless Authenticator.new(self, [:token]).allow?
       username, passwd = get_auth_data # parse from headers
       # authenticate per-scheme
-      @user = if username.nil?
-                nil # no authentication provided - perhaps first connect (client should retry after 401)
-              elsif username == "token"
-                User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
-              else
-                User.authenticate(:username => username, :password => passwd) # basic auth
-              end
+      self.current_user = if username.nil?
+                            nil # no authentication provided - perhaps first connect (client should retry after 401)
+                          elsif username == "token"
+                            User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
+                          else
+                            User.authenticate(:username => username, :password => passwd) # basic auth
+                          end
     end
 
     # have we identified the user?
-    if @user
+    if current_user
       # check if the user has been banned
-      user_block = @user.blocks.active.take
+      user_block = current_user.blocks.active.take
       unless user_block.nil?
         set_locale
         if user_block.zero_hour?
@@ -166,7 +169,7 @@ class ApplicationController < ActionController::Base
       # if the user hasn't seen the contributor terms then don't
       # allow editing - they have to go to the web site and see
       # (but can decline) the CTs to continue.
-      if REQUIRE_TERMS_SEEN && !@user.terms_seen && flash[:skip_terms].nil?
+      if REQUIRE_TERMS_SEEN && !current_user.terms_seen && flash[:skip_terms].nil?
         set_locale
         report_error t("application.setup_user_auth.need_to_see_terms"), :forbidden
       end
@@ -178,7 +181,7 @@ class ApplicationController < ActionController::Base
     setup_user_auth
 
     # handle authenticate pass/fail
-    unless @user
+    unless current_user
       # no auth, the user does not exist or the password was wrong
       response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
       render :plain => errormessage, :status => :unauthorized
@@ -196,7 +199,7 @@ class ApplicationController < ActionController::Base
   # good idea to do that in this branch.
   def authorize_moderator(errormessage = "Access restricted to moderators")
     # check user is a moderator
-    unless @user.moderator?
+    unless current_user.moderator?
       render :plain => errormessage, :status => :forbidden
       false
     end
@@ -266,7 +269,7 @@ class ApplicationController < ActionController::Base
   end
 
   def require_public_data
-    unless @user.data_public?
+    unless current_user.data_public?
       report_error "You must make your edits public to upload new data", :forbidden
       false
     end
@@ -297,8 +300,8 @@ class ApplicationController < ActionController::Base
   def preferred_languages
     @languages ||= if params[:locale]
                      Locale.list(params[:locale])
-                   elsif @user
-                     @user.preferred_languages
+                   elsif current_user
+                     current_user.preferred_languages
                    else
                      Locale.list(http_accept_language.user_preferred_languages)
                    end
@@ -307,9 +310,9 @@ class ApplicationController < ActionController::Base
   helper_method :preferred_languages
 
   def set_locale
-    if @user && @user.languages.empty? && !http_accept_language.user_preferred_languages.empty?
-      @user.languages = http_accept_language.user_preferred_languages
-      @user.save
+    if current_user && current_user.languages.empty? && !http_accept_language.user_preferred_languages.empty?
+      current_user.languages = http_accept_language.user_preferred_languages
+      current_user.save
     end
 
     I18n.locale = Locale.available.preferred(preferred_languages)
@@ -427,8 +430,8 @@ class ApplicationController < ActionController::Base
   def preferred_editor
     editor = if params[:editor]
                params[:editor]
-             elsif @user && @user.preferred_editor
-               @user.preferred_editor
+             elsif current_user && current_user.preferred_editor
+               current_user.preferred_editor
              else
                DEFAULT_EDITOR
              end
@@ -466,16 +469,6 @@ class ApplicationController < ActionController::Base
     [user, pass]
   end
 
-  # used by oauth plugin to get the current user
-  def current_user
-    @user
-  end
-
-  # used by oauth plugin to set the current user
-  def current_user=(user)
-    @user = user
-  end
-
   # override to stop oauth plugin sending errors
   def invalid_oauth_response; end
 end
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index f80df8623623cf3e4693d8d33217542149c64e7a..d3ed53c1bc040353d52d8b23884bf6decf13cd31 100644 (file)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -28,10 +28,10 @@ class UserController < ApplicationController
     else
       @title = t "user.terms.title"
 
-      if @user && @user.terms_agreed?
+      if current_user && current_user.terms_agreed?
         # Already agreed to terms, so just show settings
-        redirect_to :action => :account, :display_name => @user.display_name
-      elsif @user.nil? && session[:new_user].nil?
+        redirect_to :action => :account, :display_name => current_user.display_name
+      elsif current_user.nil? && session[:new_user].nil?
         redirect_to :action => :login, :referer => request.fullpath
       end
     end
@@ -41,52 +41,52 @@ class UserController < ApplicationController
     @title = t "user.new.title"
 
     if params[:decline]
-      if @user
-        @user.terms_seen = true
+      if current_user
+        current_user.terms_seen = true
 
-        if @user.save
+        if current_user.save
           flash[:notice] = t("user.new.terms declined", :url => t("user.new.terms declined url")).html_safe
         end
 
         if params[:referer]
           redirect_to params[:referer]
         else
-          redirect_to :action => :account, :display_name => @user.display_name
+          redirect_to :action => :account, :display_name => current_user.display_name
         end
       else
         redirect_to t("user.terms.declined")
       end
-    elsif @user
-      unless @user.terms_agreed?
-        @user.consider_pd = params[:user][:consider_pd]
-        @user.terms_agreed = Time.now.getutc
-        @user.terms_seen = true
+    elsif current_user
+      unless current_user.terms_agreed?
+        current_user.consider_pd = params[:user][:consider_pd]
+        current_user.terms_agreed = Time.now.getutc
+        current_user.terms_seen = true
 
-        flash[:notice] = t "user.new.terms accepted" if @user.save
+        flash[:notice] = t "user.new.terms accepted" if current_user.save
       end
 
       if params[:referer]
         redirect_to params[:referer]
       else
-        redirect_to :action => :account, :display_name => @user.display_name
+        redirect_to :action => :account, :display_name => current_user.display_name
       end
     else
-      @user = session.delete(:new_user)
-
-      if check_signup_allowed(@user.email)
-        @user.data_public = true
-        @user.description = "" if @user.description.nil?
-        @user.creation_ip = request.remote_ip
-        @user.languages = http_accept_language.user_preferred_languages
-        @user.terms_agreed = Time.now.getutc
-        @user.terms_seen = true
-
-        if @user.auth_uid.blank?
-          @user.auth_provider = nil
-          @user.auth_uid = nil
+      self.current_user = session.delete(:new_user)
+
+      if check_signup_allowed(current_user.email)
+        current_user.data_public = true
+        current_user.description = "" if current_user.description.nil?
+        current_user.creation_ip = request.remote_ip
+        current_user.languages = http_accept_language.user_preferred_languages
+        current_user.terms_agreed = Time.now.getutc
+        current_user.terms_seen = true
+
+        if current_user.auth_uid.blank?
+          current_user.auth_provider = nil
+          current_user.auth_uid = nil
         end
 
-        if @user.save
+        if current_user.save
           flash[:piwik_goal] = PIWIK["goals"]["signup"] if defined?(PIWIK)
 
           referer = welcome_path
@@ -103,13 +103,13 @@ class UserController < ApplicationController
             # Use default
           end
 
-          if @user.status == "active"
+          if current_user.status == "active"
             session[:referer] = referer
-            successful_login(@user)
+            successful_login(current_user)
           else
-            session[:token] = @user.tokens.create.token
-            Notifier.signup_confirm(@user, @user.tokens.create(:referer => referer)).deliver_now
-            redirect_to :action => "confirm", :display_name => @user.display_name
+            session[:token] = current_user.tokens.create.token
+            Notifier.signup_confirm(current_user, current_user.tokens.create(:referer => referer)).deliver_now
+            redirect_to :action => "confirm", :display_name => current_user.display_name
           end
         else
           render :action => "new", :referer => params[:referer]
@@ -120,29 +120,29 @@ class UserController < ApplicationController
 
   def account
     @title = t "user.account.title"
-    @tokens = @user.oauth_tokens.authorized
+    @tokens = current_user.oauth_tokens.authorized
 
     if params[:user] && params[:user][:display_name] && params[:user][:description]
       if params[:user][:auth_provider].blank? ||
-         (params[:user][:auth_provider] == @user.auth_provider &&
-          params[:user][:auth_uid] == @user.auth_uid)
-        update_user(@user, params)
+         (params[:user][:auth_provider] == current_user.auth_provider &&
+          params[:user][:auth_uid] == current_user.auth_uid)
+        update_user(current_user, params)
       else
         session[:new_user_settings] = params
         redirect_to auth_url(params[:user][:auth_provider], params[:user][:auth_uid])
       end
     elsif errors = session.delete(:user_errors)
       errors.each do |attribute, error|
-        @user.errors.add(attribute, error)
+        current_user.errors.add(attribute, error)
       end
     end
   end
 
   def go_public
-    @user.data_public = true
-    @user.save
+    current_user.data_public = true
+    current_user.save
     flash[:notice] = t "user.go_public.flash success"
-    redirect_to :action => "account", :display_name => @user.display_name
+    redirect_to :action => "account", :display_name => current_user.display_name
   end
 
   def lost_password
@@ -175,18 +175,18 @@ class UserController < ApplicationController
       token = UserToken.find_by(:token => params[:token])
 
       if token
-        @user = token.user
+        self.current_user = token.user
 
         if params[:user]
-          @user.pass_crypt = params[:user][:pass_crypt]
-          @user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
-          @user.status = "active" if @user.status == "pending"
-          @user.email_valid = true
+          current_user.pass_crypt = params[:user][:pass_crypt]
+          current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
+          current_user.status = "active" if current_user.status == "pending"
+          current_user.email_valid = true
 
-          if @user.save
+          if current_user.save
             token.destroy
             flash[:notice] = t "user.reset_password.flash changed"
-            successful_login(@user)
+            successful_login(current_user)
           end
         end
       else
@@ -202,7 +202,7 @@ class UserController < ApplicationController
     @title = t "user.new.title"
     @referer = params[:referer] || session[:referer]
 
-    if @user
+    if current_user
       # The user is logged in already, so don't show them the signup
       # page, instead send them to the home page
       if @referer
@@ -211,43 +211,45 @@ class UserController < ApplicationController
         redirect_to :controller => "site", :action => "index"
       end
     elsif params.key?(:auth_provider) && params.key?(:auth_uid)
-      @user = User.new(:email => params[:email],
-                       :email_confirmation => params[:email],
-                       :display_name => params[:nickname],
-                       :auth_provider => params[:auth_provider],
-                       :auth_uid => params[:auth_uid])
+      self.current_user = User.new(:email => params[:email],
+                                   :email_confirmation => params[:email],
+                                   :display_name => params[:nickname],
+                                   :auth_provider => params[:auth_provider],
+                                   :auth_uid => params[:auth_uid])
 
       flash.now[:notice] = render_to_string :partial => "auth_association"
     else
       check_signup_allowed
+
+      self.current_user = User.new
     end
   end
 
   def create
-    @user = User.new(user_params)
+    self.current_user = User.new(user_params)
 
-    if check_signup_allowed(@user.email)
+    if check_signup_allowed(current_user.email)
       session[:referer] = params[:referer]
 
-      @user.status = "pending"
+      current_user.status = "pending"
 
-      if @user.auth_provider.present? && @user.pass_crypt.empty?
+      if current_user.auth_provider.present? && current_user.pass_crypt.empty?
         # We are creating an account with external authentication and
         # no password was specified so create a random one
-        @user.pass_crypt = SecureRandom.base64(16)
-        @user.pass_crypt_confirmation = @user.pass_crypt
+        current_user.pass_crypt = SecureRandom.base64(16)
+        current_user.pass_crypt_confirmation = current_user.pass_crypt
       end
 
-      if @user.invalid?
+      if current_user.invalid?
         # Something is wrong with a new user, so rerender the form
         render :action => "new"
-      elsif @user.auth_provider.present?
+      elsif current_user.auth_provider.present?
         # Verify external authenticator before moving on
-        session[:new_user] = @user
-        redirect_to auth_url(@user.auth_provider, @user.auth_uid)
+        session[:new_user] = current_user
+        redirect_to auth_url(current_user.auth_provider, current_user.auth_uid)
       else
         # Save the user record
-        session[:new_user] = @user
+        session[:new_user] = current_user
         redirect_to :action => :terms
       end
     end
@@ -345,23 +347,23 @@ class UserController < ApplicationController
     if request.post?
       token = UserToken.find_by(:token => params[:confirm_string])
       if token && token.user.new_email?
-        @user = token.user
-        @user.email = @user.new_email
-        @user.new_email = nil
-        @user.email_valid = true
-        gravatar_enabled = gravatar_enable(@user)
-        if @user.save
+        self.current_user = token.user
+        current_user.email = current_user.new_email
+        current_user.new_email = nil
+        current_user.email_valid = true
+        gravatar_enabled = gravatar_enable(current_user)
+        if current_user.save
           flash[:notice] = if gravatar_enabled
-                             t("user.confirm_email.success") + " " + gravatar_status_message(@user)
+                             t("user.confirm_email.success") + " " + gravatar_status_message(current_user)
                            else
                              t("user.confirm_email.success")
                            end
         else
-          flash[:errors] = @user.errors
+          flash[:errors] = current_user.errors
         end
         token.destroy
-        session[:user] = @user.id
-        redirect_to :action => "account", :display_name => @user.display_name
+        session[:user] = current_user.id
+        redirect_to :action => "account", :display_name => current_user.display_name
       elsif token
         flash[:error] = t "user.confirm_email.failure"
         redirect_to :action => "account", :display_name => token.user.display_name
@@ -380,13 +382,13 @@ class UserController < ApplicationController
   end
 
   def api_details
-    @this_user = @user
+    @this_user = current_user
     render :action => :api_read, :content_type => "text/xml"
   end
 
   def api_gpx_files
     doc = OSM::API.new.get_xml_doc
-    @user.traces.reload.each do |trace|
+    current_user.traces.reload.each do |trace|
       doc.root << trace.to_xml_node
     end
     render :xml => doc.to_s
@@ -396,7 +398,7 @@ class UserController < ApplicationController
     @this_user = User.find_by(:display_name => params[:display_name])
 
     if @this_user &&
-       (@this_user.visible? || (@user && @user.administrator?))
+       (@this_user.visible? || (current_user && current_user.administrator?))
       @title = @this_user.display_name
     else
       render_unknown_user params[:display_name]
@@ -409,9 +411,9 @@ class UserController < ApplicationController
     if @new_friend
       if request.post?
         friend = Friend.new
-        friend.user_id = @user.id
+        friend.user_id = current_user.id
         friend.friend_user_id = @new_friend.id
-        if @user.is_friends_with?(@new_friend)
+        if current_user.is_friends_with?(@new_friend)
           flash[:warning] = t "user.make_friend.already_a_friend", :name => @new_friend.display_name
         elsif friend.save
           flash[:notice] = t "user.make_friend.success", :name => @new_friend.display_name
@@ -436,8 +438,8 @@ class UserController < ApplicationController
 
     if @friend
       if request.post?
-        if @user.is_friends_with?(@friend)
-          Friend.where(:user_id => @user.id, :friend_user_id => @friend.id).delete_all
+        if current_user.is_friends_with?(@friend)
+          Friend.where(:user_id => current_user.id, :friend_user_id => @friend.id).delete_all
           flash[:notice] = t "user.remove_friend.success", :name => @friend.display_name
         else
           flash[:error] = t "user.remove_friend.not_a_friend", :name => @friend.display_name
@@ -514,14 +516,14 @@ class UserController < ApplicationController
     end
 
     if settings = session.delete(:new_user_settings)
-      @user.auth_provider = provider
-      @user.auth_uid = uid
+      current_user.auth_provider = provider
+      current_user.auth_uid = uid
 
-      update_user(@user, settings)
+      update_user(current_user, settings)
 
-      session[:user_errors] = @user.errors.as_json
+      session[:user_errors] = current_user.errors.as_json
 
-      redirect_to :action => "account", :display_name => @user.display_name
+      redirect_to :action => "account", :display_name => current_user.display_name
     elsif session[:new_user]
       session[:new_user].auth_provider = provider
       session[:new_user].auth_uid = uid
@@ -725,8 +727,8 @@ class UserController < ApplicationController
             # Ignore errors sending email
           end
         else
-          @user.errors.add(:new_email, @user.errors[:email])
-          @user.errors.add(:email, [])
+          current_user.errors.add(:new_email, current_user.errors[:email])
+          current_user.errors.add(:email, [])
         end
 
         user.restore_email!
@@ -738,7 +740,7 @@ class UserController < ApplicationController
   # require that the user is a administrator, or fill out a helpful error message
   # and return them to the user page.
   def require_administrator
-    if @user && !@user.administrator?
+    if current_user && !current_user.administrator?
       flash[:error] = t("user.filter.not_an_administrator")
 
       if params[:display_name]
@@ -746,7 +748,7 @@ class UserController < ApplicationController
       else
         redirect_to :action => "login", :referer => request.fullpath
       end
-    elsif !@user
+    elsif !current_user
       redirect_to :action => "login", :referer => request.fullpath
     end
   end
@@ -754,7 +756,7 @@ class UserController < ApplicationController
   ##
   # require that the user in the URL is the logged in user
   def require_self
-    head :forbidden if params[:display_name] != @user.display_name
+    head :forbidden if params[:display_name] != current_user.display_name
   end
 
   ##
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index c5b08e515dcfd3279961607f9ff399e9acac963e..d27b47f275f815397cd7315d578bc9c960e51d9d 100644 (file)
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -21,12 +21,12 @@ module ApplicationHelper
     css = ""
 
     css << ".hidden { display: none !important }"
-    css << ".hide_unless_logged_in { display: none !important }" unless @user
-    css << ".hide_if_logged_in { display: none !important }" if @user
-    css << ".hide_if_user_#{@user.id} { display: none !important }" if @user
-    css << ".show_if_user_#{@user.id} { display: inline !important }" if @user
-    css << ".hide_unless_administrator { display: none !important }" unless @user && @user.administrator?
-    css << ".hide_unless_moderator { display: none !important }" unless @user && @user.moderator?
+    css << ".hide_unless_logged_in { display: none !important }" unless current_user
+    css << ".hide_if_logged_in { display: none !important }" if current_user
+    css << ".hide_if_user_#{current_user.id} { display: none !important }" if current_user
+    css << ".show_if_user_#{current_user.id} { display: inline !important }" if current_user
+    css << ".hide_unless_administrator { display: none !important }" unless current_user && current_user.administrator?
+    css << ".hide_unless_moderator { display: none !important }" unless current_user && current_user.moderator?
 
     content_tag(:style, css, :type => "text/css")
   end
@@ -107,11 +107,11 @@ module ApplicationHelper
       :preferred_editor => preferred_editor
     }
 
-    if @user
-      data[:user] = @user.id.to_json
+    if current_user
+      data[:user] = current_user.id.to_json
 
-      unless @user.home_lon.nil? || @user.home_lat.nil?
-        data[:user_home] = { :lat => @user.home_lat, :lon => @user.home_lon }
+      unless current_user.home_lon.nil? || current_user.home_lat.nil?
+        data[:user_home] = { :lat => current_user.home_lat, :lon => current_user.home_lon }
       end
     end
 
diff --git a/app/helpers/user_roles_helper.rb b/app/helpers/user_roles_helper.rb
index 7093a96b2b160dc9d4733d69ab58d74075813082..805abb58f38f323889cf2ebb3b1226d2a30234c2 100644 (file)
--- a/app/helpers/user_roles_helper.rb
+++ b/app/helpers/user_roles_helper.rb
@@ -6,7 +6,7 @@ module UserRolesHelper
   end
 
   def role_icon(user, role)
-    if @user && @user.administrator?
+    if current_user && current_user.administrator?
       if user.has_role?(role)
         image = "roles/#{role}"
         alt = t("user.view.role.revoke.#{role}")
diff --git a/app/views/browse/changeset.html.erb b/app/views/browse/changeset.html.erb
index a33214a70231955009b9546847a09f04cd750207..86d190680c4a5bb29ba27667c658e273ab2fd724 100644 (file)
--- a/app/views/browse/changeset.html.erb
+++ b/app/views/browse/changeset.html.erb
@@ -12,10 +12,10 @@
   <%= render :partial => "tag_details", :object => @changeset.tags.except('comment') %>
 
   <h4 class="comments-header"><%= t('browse.changeset.discussion') %></h4>
-  
+
   <div class="buttons clearfix subscribe-buttons">
     <form action="#" class="hide_unless_logged_in">
-      <% if @user and @changeset.subscribers.exists?(@user.id) %>
+      <% if current_user and @changeset.subscribers.exists?(current_user.id) %>
         <input class="action-button" type="submit" name="unsubscribe" value="<%= t('javascripts.changesets.show.unsubscribe') %>" data-method="POST" data-url="<%= changeset_unsubscribe_url(@changeset) %>" />
       <% else %>
         <input class="action-button" type="submit" name="subscribe" value="<%= t('javascripts.changesets.show.subscribe') %>" data-method="POST" data-url="<%= changeset_subscribe_url(@changeset) %>" />
@@ -37,13 +37,13 @@
                     :when => friendly_date(comment.created_at), :exact_time => l(comment.created_at),
                     :user => link_to(h(comment.author.display_name), {:controller => "user", :action => "view",
                     :display_name => comment.author.display_name})).html_safe %>
-                  <% if @user and @user.moderator? %>
+                  <% if current_user and current_user.moderator? %>
                     â€” <span class="action-button deemphasize" data-comment-id="<%= comment.id %>" data-method="POST" data-url="<%= changeset_comment_hide_url(comment.id) %>"><%= t('javascripts.changesets.show.hide_comment') %></span>
                   <% end %>
                 </small>
                 <%= comment.body.to_html %>
               </li>
-            <% elsif @user and @user.moderator? %>
+            <% elsif current_user and current_user.moderator? %>
               <li id="c<%= comment.id %>">
                 <small class='deemphasize'>
                   <%= t("browse.changeset.hidden_commented_by",
diff --git a/app/views/changeset/history.html.erb b/app/views/changeset/history.html.erb
index 1516118eb92683b4edb30bb33b0f5ccfac7d2a7a..17faf7f8d8e80956d8ba655b2cdf7b367460801b 100644 (file)
--- a/app/views/changeset/history.html.erb
+++ b/app/views/changeset/history.html.erb
@@ -5,7 +5,7 @@
 <% end -%>
 
 <%
-   set_title(changeset_list_title(params, @user))
+   set_title(changeset_list_title(params, current_user))
    if params[:display_name]
      @heading = t('changeset.list.title_user', :user => link_to(params[:display_name], :controller => "user", :action => "view", :display_name => params[:display_name])).html_safe
    else
diff --git a/app/views/changeset/list.atom.builder b/app/views/changeset/list.atom.builder
index 0235d182afbea03b092169b1b7be61db27fce942..ace586ae54cd25d64e987b1164d03fa7a3defcb5 100644 (file)
--- a/app/views/changeset/list.atom.builder
+++ b/app/views/changeset/list.atom.builder
@@ -2,7 +2,7 @@ atom_feed(:language => I18n.locale, :schema_date => 2009,
           :id => url_for(@params.merge(:only_path => false)),
           :root_url => url_for(@params.merge(:action => :list, :format => nil, :only_path => false)),
           "xmlns:georss" => "http://www.georss.org/georss") do |feed|
-  feed.title changeset_list_title(params, @user)
+  feed.title changeset_list_title(params, current_user)
 
   feed.updated @edits.map { |e| [e.created_at, e.closed_at].max }.max
   feed.icon image_url("favicon.ico")
diff --git a/app/views/diary_entry/view.html.erb b/app/views/diary_entry/view.html.erb
index 6a2a21abcba3bf26b0b341a5dd1fb4019501af57..3c2264d3e58fb849a8793ef1e0aee9da806cd315 100644 (file)
--- a/app/views/diary_entry/view.html.erb
+++ b/app/views/diary_entry/view.html.erb
@@ -21,9 +21,9 @@
     <%= richtext_area :diary_comment, :body, :cols => 80, :rows => 15 %>
     <%= submit_tag t('diary_entry.view.save_button') %>
   <% end %>
-  <% if @user and @entry.subscribers.exists?(@user.id) %>
+  <% if current_user and @entry.subscribers.exists?(current_user.id) %>
     <div class="diary-subscribe-buttons"><%= link_to t('javascripts.changesets.show.unsubscribe'), diary_entry_unsubscribe_path(:display_name => @entry.user.display_name, :id => @entry.id), :method => :post, :class => :button %></div>
-  <% elsif @user %>
+  <% elsif current_user %>
     <div class="diary-subscribe-buttons"><%= link_to t('javascripts.changesets.show.subscribe'), diary_entry_subscribe_path(:display_name => @entry.user.display_name, :id => @entry.id), :method => :post, :class => :button %></div>
   <% end %>
 <% end %>
diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb
index 262989752706e10951415b19fd85ac413a494964..a5ab460ce67924f3d294639d179238535decf26d 100644 (file)
--- a/app/views/layouts/_header.html.erb
+++ b/app/views/layouts/_header.html.erb
@@ -54,26 +54,26 @@
         </ul>
       </li>
     </ul>
-    <% if @user && @user.id %>
+    <% if current_user && current_user.id %>
       <div class='dropdown user-menu logged-in'>
         <a class='dropdown-toggle' data-toggle='dropdown' href="#">
-          <%= user_thumbnail_tiny(@user, :width => 25, :height => 25)
+          <%= user_thumbnail_tiny(current_user, :width => 25, :height => 25)
           %><%= render :partial => 'layouts/inbox'
-        %><span class="user-button"><span class='username'><%= @user.display_name %></span>
+        %><span class="user-button"><span class='username'><%= current_user.display_name %></span>
           <b class="caret"></b></span>
         </a>
         <ul class='dropdown-menu'>
           <li>
-            <%= link_to inbox_path(:display_name => @user.display_name) do %>
-              <span class='count-number'><%= number_with_delimiter(@user.new_messages.size) %></span>
+            <%= link_to inbox_path(:display_name => current_user.display_name) do %>
+              <span class='count-number'><%= number_with_delimiter(current_user.new_messages.size) %></span>
               <%= t('user.view.my messages') %>
             <% end %>
           </li>
           <li>
-            <%= link_to t('user.view.my profile'), user_path(:display_name => @user.display_name) %>
+            <%= link_to t('user.view.my profile'), user_path(:display_name => current_user.display_name) %>
           </li>
           <li>
-            <%= link_to t('user.view.my settings'), :controller => 'user', :action => 'account', :display_name => @user.display_name %>
+            <%= link_to t('user.view.my settings'), :controller => 'user', :action => 'account', :display_name => current_user.display_name %>
           </li>
           <li class="divider"></li>
           <li>
diff --git a/app/views/layouts/_inbox.html.erb b/app/views/layouts/_inbox.html.erb
index cdd708e1cb5a0508ca6981b148f53c1ae42c4e41..79a1db2da4fa56f150b45e343e548bd3f501464e 100644 (file)
--- a/app/views/layouts/_inbox.html.erb
+++ b/app/views/layouts/_inbox.html.erb
@@ -1,3 +1,3 @@
-<% if @user.new_messages.size > 0 %>
-<span id="inboxanchor" class="count-number"><%= @user.new_messages.size %></span>
+<% if current_user.new_messages.size > 0 %>
+<span id="inboxanchor" class="count-number"><%= current_user.new_messages.size %></span>
 <% end %>
diff --git a/app/views/layouts/map.html.erb b/app/views/layouts/map.html.erb
index 5df2081497fa1cb7e80b89dd85b49ab48a945d8e..9bed9d274ee8ab560c53d040353871bef793f1a9 100644 (file)
--- a/app/views/layouts/map.html.erb
+++ b/app/views/layouts/map.html.erb
@@ -4,14 +4,14 @@
 
 <% content_for(:body_class) { "map-layout" } %>
 
-<% if @user and !@user.home_lon.nil? and !@user.home_lat.nil? %>
+<% if current_user and !current_user.home_lon.nil? and !current_user.home_lat.nil? %>
   <% content_for :greeting do %>
     <%= link_to t("layouts.home"),
                 "#",
                 :id => "homeanchor",
                 :class => "set_position",
-                :data => { :lat => @user.home_lat,
-                           :lon => @user.home_lon,
+                :data => { :lat => current_user.home_lat,
+                           :lon => current_user.home_lon,
                            :zoom => 15 } %>
   <% end %>
 <% end %>
@@ -38,7 +38,7 @@
       <%= yield %>
     </div>
 
-    <% unless @user %>
+    <% unless current_user %>
       <div class="welcome">
         <h2><%= t 'layouts.intro_header' %></h2>
         <div class="close-wrap"><span class="icon close"></span></div>
diff --git a/app/views/message/_message_count.html.erb b/app/views/message/_message_count.html.erb
index 9b5edd26cf3cfad0251d2f6f3664362b2fc392d3..3a995c17144bb37e389a8de93c49e0d77dbbc83b 100644 (file)
--- a/app/views/message/_message_count.html.erb
+++ b/app/views/message/_message_count.html.erb
@@ -1,8 +1,8 @@
 <p id="inbox-count">
 <%= t "message.inbox.messages",
-      :new_messages => t("message.inbox.new_messages", 
-                         :count => @user.new_messages.size),
-      :old_messages => t("message.inbox.old_messages", 
-                         :count => @user.messages.size - @user.new_messages.size)
+      :new_messages => t("message.inbox.new_messages",
+                         :count => current_user.new_messages.size),
+      :old_messages => t("message.inbox.old_messages",
+                         :count => current_user.messages.size - current_user.new_messages.size)
 %>
-</p> 
+</p>
diff --git a/app/views/message/inbox.html.erb b/app/views/message/inbox.html.erb
index 4a898c0857b6c276c9df20b34f1f6e319b55b24f..919a3e4023c132a3476b661fe89a9e1d423cf5d5 100644 (file)
--- a/app/views/message/inbox.html.erb
+++ b/app/views/message/inbox.html.erb
@@ -1,10 +1,10 @@
 <% content_for :heading do %>
-  <h2><%= t'message.inbox.my_inbox'%>/<%= link_to t('message.inbox.outbox'), outbox_path(@user.display_name) %></h2>
+  <h2><%= t'message.inbox.my_inbox'%>/<%= link_to t('message.inbox.outbox'), outbox_path(current_user.display_name) %></h2>
 <% end %>
 
   <h4><%= render :partial => "message_count" %></h4>
 
-<% if @user.messages.size > 0 %>
+<% if current_user.messages.size > 0 %>
   <table class="messages">
     <thead>
       <tr>
@@ -16,9 +16,9 @@
       </tr>
     </thead>
     <tbody>
-        <%= render :partial => "message_summary", :collection => @user.messages %>
+        <%= render :partial => "message_summary", :collection => current_user.messages %>
     </tbody>
   </table>
 <% else %>
-  <div><%= raw(t'message.inbox.no_messages_yet', :people_mapping_nearby_link => link_to(t('message.inbox.people_mapping_nearby'), :controller => 'user', :action => 'view', :display_name => @user.display_name)) %></div>
+  <div><%= raw(t'message.inbox.no_messages_yet', :people_mapping_nearby_link => link_to(t('message.inbox.people_mapping_nearby'), :controller => 'user', :action => 'view', :display_name => current_user.display_name)) %></div>
 <% end %>
diff --git a/app/views/message/new.html.erb b/app/views/message/new.html.erb
index f7c26aea1fa90bf2a159e81ae5ec0b20473cb5cb..b2534e47b367c71dd0db8dedef604237e908a187 100644 (file)
--- a/app/views/message/new.html.erb
+++ b/app/views/message/new.html.erb
@@ -16,7 +16,7 @@
     </div>
     <div class='buttons'>
       <%= submit_tag t('message.new.send_button') %>
-      <%= link_to t('message.new.back_to_inbox'), { :controller => 'message', :action => 'inbox', :display_name => @user.display_name }, :class => 'deemphasize button' %>
+      <%= link_to t('message.new.back_to_inbox'), { :controller => 'message', :action => 'inbox', :display_name => current_user.display_name }, :class => 'deemphasize button' %>
     </div>
   </fieldset>
 <% end %>
diff --git a/app/views/message/outbox.html.erb b/app/views/message/outbox.html.erb
index ebf04c9fb37f015129f5ae19ab3c47607f1dda50..288c235ebd3c5718d588595e8e6b0717c70eca6d 100644 (file)
--- a/app/views/message/outbox.html.erb
+++ b/app/views/message/outbox.html.erb
@@ -1,10 +1,10 @@
 <% content_for :heading do %>
-  <h2><%= raw(t'message.outbox.my_inbox', :inbox_link => link_to(t('message.outbox.inbox'), inbox_path(@user.display_name))) %>/<%= t'message.outbox.outbox' %></h2>
+  <h2><%= raw(t'message.outbox.my_inbox', :inbox_link => link_to(t('message.outbox.inbox'), inbox_path(current_user.display_name))) %>/<%= t'message.outbox.outbox' %></h2>
 <% end %>
 
-<h4><%= t'message.outbox.messages', :count => @user.sent_messages.size %></h4>
+<h4><%= t'message.outbox.messages', :count => current_user.sent_messages.size %></h4>
 
-<% if @user.sent_messages.size > 0 %>
+<% if current_user.sent_messages.size > 0 %>
   <table class="messages">
     <thead>
       <tr>
@@ -15,9 +15,9 @@
       </tr>
     </thead>
     <tbody>
-      <%= render :partial => "sent_message_summary", :collection => @user.sent_messages %>
+      <%= render :partial => "sent_message_summary", :collection => current_user.sent_messages %>
     </tbody>
   </table>
 <% else %>
-  <div class="messages"><%= raw(t'message.outbox.no_sent_messages', :people_mapping_nearby_link => link_to(t('message.outbox.people_mapping_nearby'), :controller => 'user', :action => 'view', :display_name => @user.display_name)) %></div>
+  <div class="messages"><%= raw(t'message.outbox.no_sent_messages', :people_mapping_nearby_link => link_to(t('message.outbox.people_mapping_nearby'), :controller => 'user', :action => 'view', :display_name => current_user.display_name)) %></div>
 <% end %>
diff --git a/app/views/message/read.html.erb b/app/views/message/read.html.erb
index 8e175ef671f6a212d384ab9c415e9443ceffe5f0..6621c3e8ed760481bc87a39749c6ff7c48ca477e 100644 (file)
--- a/app/views/message/read.html.erb
+++ b/app/views/message/read.html.erb
@@ -1,4 +1,4 @@
-<% if @user == @message.recipient %>
+<% if current_user == @message.recipient %>
   <% content_for :heading do %>
     <h2><%= h(@message.title) %></h2>
   <% end %>
@@ -36,5 +36,5 @@
 
 <% end %>
 
-  <%= link_to t('message.read.back'), {:controller => 'message', :action => 'outbox', :display_name => @user.display_name }, :class => "button deemphasize" %>
+  <%= link_to t('message.read.back'), {:controller => 'message', :action => 'outbox', :display_name => current_user.display_name }, :class => "button deemphasize" %>
   </div>
diff --git a/app/views/oauth/authorize.html.erb b/app/views/oauth/authorize.html.erb
index c0271350d3f2d0bfd512cb64e7a250d95cf7f14f..6c8bc3a9e92f8e384d6aae20dd506eb8ced9a5fc 100644 (file)
--- a/app/views/oauth/authorize.html.erb
+++ b/app/views/oauth/authorize.html.erb
@@ -2,7 +2,7 @@
   <h1><%= t "oauth.oauthorize.title" %></h1>
 <% end %>
 
-<p><%= raw t("oauth.oauthorize.request_access", :app_name => link_to(@token.client_application.name, @token.client_application.url), :user => link_to(@user.display_name, :controller => :user, :action => :view, :display_name => @user.display_name)) %></p>
+<p><%= raw t("oauth.oauthorize.request_access", :app_name => link_to(@token.client_application.name, @token.client_application.url), :user => link_to(current_user.display_name, :controller => :user, :action => :view, :display_name => current_user.display_name)) %></p>
 
 <%= form_tag authorize_url do %>
   <%= hidden_field_tag "oauth_token", @token.token %>
diff --git a/app/views/redactions/show.html.erb b/app/views/redactions/show.html.erb
index 174fe97e4f60559a02c57509d997b4c375a53591..b9786992ce8542f70577455a999c14512312ce6b 100644 (file)
--- a/app/views/redactions/show.html.erb
+++ b/app/views/redactions/show.html.erb
@@ -12,8 +12,8 @@
   <%= @redaction.description.to_html %>
 </p>
 
-<% if @user and @user.moderator? %>
-<div class="buttons">  
+<% if current_user and current_user.moderator? %>
+<div class="buttons">
   <%= button_to t('redaction.show.edit'), edit_redaction_path(@redaction), :method => :get %></td>
   <%= button_to t('redaction.show.destroy'), @redaction, :method => "delete", :remote => true, :data => { :confirm => t('redaction.show.confirm') } %>
 </div>
diff --git a/app/views/site/_potlatch.html.erb b/app/views/site/_potlatch.html.erb
index b0d20a9ae134ea9b4ebdd4ec64b6764571fcc4fc..5b59f5f2427527b461e4d4a4484f031f919657a2 100644 (file)
--- a/app/views/site/_potlatch.html.erb
+++ b/app/views/site/_potlatch.html.erb
@@ -1,7 +1,7 @@
 <%= javascript_include_tag "edit/potlatch" %>
 
 <div id="map">
-  <% session[:token] = @user.tokens.create.token unless session[:token] and UserToken.find_by_token(session[:token]) -%>
+  <% session[:token] = current_user.tokens.create.token unless session[:token] and UserToken.find_by_token(session[:token]) -%>
   <% data = { :token => session[:token] } -%>
   <% data[:lat] = @lat if @lat -%>
   <% data[:lon] = @lon if @lon -%>
diff --git a/app/views/site/_potlatch2.html.erb b/app/views/site/_potlatch2.html.erb
index 2cc4ab2d572ec23170d8b63397b09114e84c8fdc..9e01eef302ab204e49d4d2d5278bd896b6aa7663 100644 (file)
--- a/app/views/site/_potlatch2.html.erb
+++ b/app/views/site/_potlatch2.html.erb
@@ -1,13 +1,13 @@
 <%= javascript_include_tag "edit/potlatch2" %>
 
 <div id="map">
-  <% session[:token] = @user.tokens.create.token unless session[:token] and UserToken.find_by_token(session[:token]) -%>
+  <% session[:token] = current_user.tokens.create.token unless session[:token] and UserToken.find_by_token(session[:token]) -%>
   <% data = { :token => session[:token] } -%>
   <% data[:lat] = @lat if @lat -%>
   <% data[:lon] = @lon if @lon -%>
   <% data[:zoom] = @zoom if @zoom -%>
   <% if defined? POTLATCH2_KEY %>
-  <% token = @user.access_token(POTLATCH2_KEY) %>
+  <% token = current_user.access_token(POTLATCH2_KEY) %>
   <% data[:token] = token.token -%>
   <% data[:token_secret] = token.secret -%>
   <% data[:consumer_key] = token.client_application.key -%>
diff --git a/app/views/site/edit.html.erb b/app/views/site/edit.html.erb
index ae313e1f263424119711c275207607d4843a824c..81095140ed8f1fbdf47a64fdd8330e880c9a1dda 100644 (file)
--- a/app/views/site/edit.html.erb
+++ b/app/views/site/edit.html.erb
@@ -3,9 +3,9 @@
     <p><%= t 'layouts.osm_offline' %></p>
   <% elsif STATUS == :database_readonly or STATUS == :api_readonly %>
     <p><%= t 'layouts.osm_read_only' %></p>
-  <% elsif !@user.data_public? %>
+  <% elsif !current_user.data_public? %>
     <p><%= t 'site.edit.not_public' %></p>
-    <p><%= raw t 'site.edit.not_public_description', :user_page => (link_to t('site.edit.user_page_link'), {:controller => 'user', :action => 'account', :display_name => @user.display_name, :anchor => 'public'}) %></p>
+    <p><%= raw t 'site.edit.not_public_description', :user_page => (link_to t('site.edit.user_page_link'), {:controller => 'user', :action => 'account', :display_name => current_user.display_name, :anchor => 'public'}) %></p>
     <p><%= raw t 'site.edit.anon_edits', :link => link_to(t('site.edit.anon_edits_link_text'), t('site.edit.anon_edits_link')) %></p>
   <% else %>
     <%= render :partial => preferred_editor %>
diff --git a/app/views/site/help.html.erb b/app/views/site/help.html.erb
index 5097dd340464cf3d9a05463965d1827124a3acf7..dff2108cacbc7831b48cbb9572ffd9069698f470 100644 (file)
--- a/app/views/site/help.html.erb
+++ b/app/views/site/help.html.erb
@@ -5,7 +5,7 @@
 <p class='introduction'><%= t "help_page.introduction" %></p>
 
 <% ['welcome', 'beginners_guide', 'help', 'mailing_lists', 'forums', 'irc', 'switch2osm', 'wiki'].each do |site| %>
-  <% unless site == 'welcome' && !@user %>
+  <% unless site == 'welcome' && !current_user %>
   <div class='<%= site %> help-item'>
   <h3>
     <a href='<%= t "help_page.#{site}.url" %>'>
diff --git a/app/views/site/id.html.erb b/app/views/site/id.html.erb
index a38a81534355d77e54684bee2f6df25eb1dce7de..c115ea59ff47d5c71596f603585535a8c66453bc 100644 (file)
--- a/app/views/site/id.html.erb
+++ b/app/views/site/id.html.erb
@@ -10,7 +10,7 @@
 <body>
 <% data = {} -%>
 <% if defined? ID_KEY %>
-<% token = @user.access_token(ID_KEY) %>
+<% token = current_user.access_token(ID_KEY) %>
 <% data[:token] = token.token -%>
 <% data[:token_secret] = token.secret -%>
 <% data[:consumer_key] = token.client_application.key -%>
diff --git a/app/views/user/_contact.html.erb b/app/views/user/_contact.html.erb
index 4811389f12f61b22368b8b84a7c178b142b4f77a..08b982cd76c097f117d9fb891ce2e1f9e475196f 100644 (file)
--- a/app/views/user/_contact.html.erb
+++ b/app/views/user/_contact.html.erb
@@ -37,7 +37,7 @@
     <ul class='secondary-actions clearfix deemphasize'>
       <li><%= link_to t('user.view.send message'), :controller => 'message', :action => 'new', :display_name => contact.display_name %></li>
       <li>
-        <% if @user.is_friends_with?(contact) %>
+        <% if current_user.is_friends_with?(contact) %>
           <%= link_to t('user.view.remove as friend'), remove_friend_path(:display_name => contact.display_name, :referer => request.fullpath), :method => :post %>
         <% else %>
           <%= link_to t('user.view.add as friend'), make_friend_path(:display_name => contact.display_name, :referer => request.fullpath), :method => :post %>
diff --git a/app/views/user/account.html.erb b/app/views/user/account.html.erb
index 47a84e99bcbb86823f90ba45096889a3c453ba74..752d1cd017740bc9f83bd9b9c01ce68fee263e62 100644 (file)
--- a/app/views/user/account.html.erb
+++ b/app/views/user/account.html.erb
@@ -5,13 +5,13 @@
 <% content_for :heading do %>
   <h1><%= t 'user.account.my settings' %></h1>
   <ul class='secondary-actions clearfix'>
-    <li><%= link_to t('user.account.return to profile'), :controller => 'user', :action => 'view', :display_name => @user.display_name %></li>
+    <li><%= link_to t('user.account.return to profile'), :controller => 'user', :action => 'view', :display_name => current_user.display_name %></li>
     <li><%= link_to t('user.view.oauth settings'), :controller => 'oauth_clients', :action => 'index' %></li>
   </ul>
 <% end %>
 
-<%= error_messages_for 'user' %>
-<%= form_for :user, :html => { :multipart => true, :id => 'accountForm', :class => 'standard-form', :autocomplete => :off } do |f| %>
+<%= error_messages_for current_user %>
+<%= form_for current_user, :url => { :action => :account }, :html => { :multipart => true, :id => 'accountForm', :class => 'standard-form', :autocomplete => :off } do |f| %>
   <fieldset>
     <div class="form-row">
       <label class="standard-label"><%= t 'user.new.display name' %></label>
@@ -22,7 +22,7 @@
   <fieldset>
     <div class="form-row">
       <label class="standard-label"><%= t 'user.account.current email address' %></label>
-      <input type="email" disabled value="<%= @user.email %>" />
+      <input type="email" disabled value="<%= current_user.email %>" />
       <span class="form-help deemphasize"><%= t 'user.account.email never displayed publicly' %></span>
     </div>
 
@@ -58,7 +58,7 @@
     <div class="form-row">
       <label class="standard-label"><%= t 'user.account.public editing.heading' %></label>
       <span class="form-help deemphasize">
-        <% if @user.data_public? %>
+        <% if current_user.data_public? %>
           <%= t 'user.account.public editing.enabled' %>
           (<a href="<%= t 'user.account.public editing.enabled link' %>" target="_new"><%= t 'user.account.public editing.enabled link text' %></a>)
         <% else %>
@@ -71,10 +71,10 @@
     <div class="form-row">
       <label class="standard-label"><%= t 'user.account.contributor terms.heading' %></label>
       <span class="form-help deemphasize">
-        <% if @user.terms_agreed? %>
+        <% if current_user.terms_agreed? %>
           <%= t 'user.account.contributor terms.agreed' %>
           (<a href="<%= t 'user.account.contributor terms.link' %>" target="_new"><%= t 'user.account.contributor terms.link text' %></a>)
-          <% if @user.consider_pd? %>
+          <% if current_user.consider_pd? %>
             <%= t 'user.account.contributor terms.agreed_with_pd' %>
           <% end %>
         <% else %>
@@ -92,7 +92,7 @@
   <fieldset class="form-divider">
     <div class='form-row'>
       <label class="standard-label"><%= t 'user.account.profile description' %></label>
-      <%= richtext_area :user, :description, :cols => 80, :rows => 20 %>
+      <%= richtext_area :user, :description, :object => current_user, :cols => 80, :rows => 20 %>
     </div>
 
     <div class="form-row">
@@ -102,21 +102,21 @@
 
     <div class='form-row accountImage'>
       <label class="standard-label"><%= t 'user.account.image' %></label>
-        <%= user_image @user %>
+        <%= user_image current_user %>
         <ul class='form-list accountImage-options'>
-        <% if @user.image.file? %>
+        <% if current_user.image.file? %>
         <li>
-          <%= radio_button_tag "image_action", "keep", !@user.image_use_gravatar %>
+          <%= radio_button_tag "image_action", "keep", !current_user.image_use_gravatar %>
           <label class='standard-label' for='image_action_keep'><%= t 'user.account.keep image' %></label>
         </li>
         <% end %>
-        <% if @user.image.file? || @user.image_use_gravatar? %>
+        <% if current_user.image.file? || current_user.image_use_gravatar? %>
         <li>
           <%= radio_button_tag "image_action", "delete" %>
           <label class='standard-label' for='image_action_delete'><%= t 'user.account.delete image' %></label>
         </li>
         <% end %>
-        <% if @user.image.file? %>
+        <% if current_user.image.file? %>
           <li>
             <%= radio_button_tag "image_action", "new" %>
             <label class='standard-label' for='image_action_new'>
@@ -136,7 +136,7 @@
         </li>
         <% end %>
         <li>
-          <%= radio_button_tag "image_action", "gravatar", @user.image_use_gravatar %>
+          <%= radio_button_tag "image_action", "gravatar", current_user.image_use_gravatar %>
           <label class='standard-label' for='image_action_gravatar'>
             <%= t 'user.account.gravatar.gravatar' %>
             <span class='form-help deemphasize'> (<a href="<%= t 'user.account.gravatar.link' %>" target="_new"><%= t 'user.account.gravatar.link text' %></a>)</span>
@@ -149,7 +149,7 @@
   <fieldset class="form-divider">
     <div class='form-row location clearfix'>
     <label class="standard-label"><%= t 'user.account.home location' %></label>
-    <div id="homerow" <% unless @user.home_lat and @user.home_lon %>class="nohome"<%end%> >
+    <div id="homerow" <% unless current_user.home_lat and current_user.home_lon %>class="nohome"<%end%> >
       <p class="message form-help deemphasize"><%= t 'user.account.no home location' %></p>
         <div class='form-column'>
           <label class="standard-label secondary"><%= t 'user.account.latitude' %></label>
@@ -163,7 +163,7 @@
     </div>
 
     <div class="form-row">
-      <input type="checkbox" name="updatehome" value="1" <% unless @user.home_lat and @user.home_lon %> checked="checked" <% end %> id="updatehome" />
+      <input type="checkbox" name="updatehome" value="1" <% unless current_user.home_lat and current_user.home_lon %> checked="checked" <% end %> id="updatehome" />
       <label class="standard-label" for="updatehome"><%= t 'user.account.update home location on click' %></label>
     </div>
     <%= content_tag "div", "", :id => "map", :class => "content_map settings_map set_location" %>
@@ -172,7 +172,7 @@
   <%= submit_tag t('user.account.save changes button') %>
 <% end %>
 
-<% unless @user.data_public? %>
+<% unless current_user.data_public? %>
 <a name="public"></a>
 <h2><%= t 'user.account.public editing note.heading' %></h2>
 <%= raw t 'user.account.public editing note.text' %>
diff --git a/app/views/user/api_read.builder b/app/views/user/api_read.builder
index 7136b9f5867af6de53994dcad04ff5527a4f95d7..0e8bfa5eff34f1e5358fb75ceab8c6e36cf16558 100644 (file)
--- a/app/views/user/api_read.builder
+++ b/app/views/user/api_read.builder
@@ -4,7 +4,7 @@ xml.osm("version" => API_VERSION, "generator" => GENERATOR) do
                    :display_name => @this_user.display_name,
                    :account_created => @this_user.creation_time.xmlschema do
     xml.tag! "description", @this_user.description if @this_user.description
-    if @user && @user == @this_user
+    if current_user && current_user == @this_user
       xml.tag! "contributor-terms", :agreed => @this_user.terms_agreed.present?,
                                     :pd => @this_user.consider_pd
     else
@@ -28,7 +28,7 @@ xml.osm("version" => API_VERSION, "generator" => GENERATOR) do
                            :active => @this_user.blocks_created.active.size
       end
     end
-    if @user && @user == @this_user
+    if current_user && current_user == @this_user
       if @this_user.home_lat && @this_user.home_lon
         xml.tag! "home", :lat => @this_user.home_lat,
                          :lon => @this_user.home_lon,
diff --git a/app/views/user/new.html.erb b/app/views/user/new.html.erb
index fcd775a484eca5046710e344a2ecdc92dce5fe3c..5a207060eeaf101548c6400f4f5b4808caf09ec3 100644 (file)
--- a/app/views/user/new.html.erb
+++ b/app/views/user/new.html.erb
@@ -8,7 +8,7 @@
   <div class='header-illustration new-user-arm'></div>
 <% end %>
 
-<%= form_for :user, :url => { :action => 'create' }, :html => { :class => 'standard-form fillL col6 inner22' } do %>
+<%= form_for current_user, :url => { :action => 'create' }, :html => { :class => 'standard-form fillL col6 inner22' } do |f| %>
   <%= hidden_field_tag('referer', h(@referer)) unless @referer.nil? %>
 
   <fieldset>
@@ -16,15 +16,15 @@
       <label for="email" class="standard-label">
         <%= t 'user.new.email address' %>
       </label>
-      <%= email_field(:user, :email, { :tabindex => 1 }) %>
-      <%= error_message_on(:user, :email) %>
+      <%= f.email_field(:email, { :tabindex => 1 }) %>
+      <%= f.error_message_on(:email) %>
     </div>
     <div class="form-row">
       <label for="email_confirmation" class="standard-label">
         <%= t 'user.new.confirm email address' %>
       </label>
-      <%= email_field(:user, :email_confirmation, { :tabindex => 2 }) %>
-      <%= error_message_on(:user, :email_confirmation) %>
+      <%= f.email_field(:email_confirmation, { :tabindex => 2 }) %>
+      <%= f.error_message_on(:email_confirmation) %>
     </div>
     <span class="form-help deemphasize"><%= raw(t 'user.new.not displayed publicly') %></span>
   </fieldset>
@@ -34,8 +34,8 @@
       <label for="display_name" class="standard-label">
         <%= t 'user.new.display name' %>
       </label>
-      <%= text_field(:user, :display_name, { :tabindex => 3 }) %>
-      <%= error_message_on(:user, :display_name) %>
+      <%= f.text_field(:display_name, { :tabindex => 3 }) %>
+      <%= f.error_message_on(:display_name) %>
     </div>
     <span class="form-help deemphasize"><%= t 'user.new.display name description' %></span>
   </fieldset>
@@ -45,9 +45,9 @@
       <label for="openid_url" class="standard-label">
         <%= raw t 'user.new.external auth' %>
       </label>
-      <%= select(:user, :auth_provider, Auth::PROVIDERS, { :default => "", :tabindex => 4 }) %>
-      <%= text_field(:user, :auth_uid, { :tabindex => 5 }) %>
-      <%= error_message_on(:user, :auth_uid) %>
+      <%= f.select(:auth_provider, Auth::PROVIDERS, { :default => "", :tabindex => 4 }) %>
+      <%= f.text_field(:auth_uid, { :tabindex => 5 }) %>
+      <%= f.error_message_on(:auth_uid) %>
     </div>
     <span class="form-help deemphasize"><%= t 'user.new.auth no password' %></span>
   </fieldset>
@@ -57,15 +57,15 @@
       <label for='user[pass_crypt]' class="standard-label">
         <%= t 'user.new.password' %>
       </label>
-      <%= password_field(:user, :pass_crypt, { :tabindex => 6 }) %>
-      <%= error_message_on(:user, :pass_crypt) %>
+      <%= f.password_field(:pass_crypt, { :tabindex => 6 }) %>
+      <%= f.error_message_on(:pass_crypt) %>
     </div>
     <div class="form-row">
       <label class="standard-label">
         <%= t 'user.new.confirm password' %>
       </label>
-      <%= password_field(:user, :pass_crypt_confirmation, { :tabindex => 7 }) %>
-      <%= error_message_on(:user, :pass_crypt_confirmation) %>
+      <%= f.password_field(:pass_crypt_confirmation, { :tabindex => 7 }) %>
+      <%= f.error_message_on(:pass_crypt_confirmation) %>
     </div>
   </fieldset>
 
diff --git a/app/views/user/reset_password.html.erb b/app/views/user/reset_password.html.erb
index d1718a5e4853f074a77c3b6dd488a62c1057e68e..4cb94374ade7f47069d80448106efad3320194c2 100644 (file)
--- a/app/views/user/reset_password.html.erb
+++ b/app/views/user/reset_password.html.erb
@@ -1,5 +1,5 @@
 <% content_for :heading do %>
-  <h1><%= t 'user.reset_password.heading', :user => @user.display_name %></h1>
+  <h1><%= t 'user.reset_password.heading', :user => current_user.display_name %></h1>
 <% end %>
 
 <%= error_messages_for :user %>
diff --git a/app/views/user/view.html.erb b/app/views/user/view.html.erb
index 91f85f305aa2ecd7689f54b5224c0041f73fe8b7..137a390ba1fe6437b3280e7fafa1da6f21135eaf 100644 (file)
--- a/app/views/user/view.html.erb
+++ b/app/views/user/view.html.erb
@@ -3,42 +3,42 @@
     <%= user_image @this_user %>
     <div class='userinformation-inner'>
       <h1><%= @this_user.display_name %><%= role_icons(@this_user) %></h1>
-      <% if @user and @this_user.id == @user.id %>
+      <% if current_user and @this_user.id == current_user.id %>
         <!-- Displaying user's own profile page to themself -->
         <ul class='secondary-actions clearfix'>
           <li>
-            <%= link_to t('user.view.my edits'), :controller => 'changeset', :action => 'list', :display_name => @user.display_name %>
-            <span class='count-number'><%= number_with_delimiter(@user.changesets.size) %></span>
+            <%= link_to t('user.view.my edits'), :controller => 'changeset', :action => 'list', :display_name => current_user.display_name %>
+            <span class='count-number'><%= number_with_delimiter(current_user.changesets.size) %></span>
           </li>
           <li>
             <%= link_to t('user.view.my notes'), :controller => 'notes', :action=> 'mine' %>
           </li>
           <li>
             <%= link_to t('user.view.my traces'), :controller => 'trace', :action=>'mine' %>
-            <span class='count-number'><%= number_with_delimiter(@user.traces.size) %></span>
+            <span class='count-number'><%= number_with_delimiter(current_user.traces.size) %></span>
           </li>
           <li>
-            <%= link_to t('user.view.my diary'), :controller => 'diary_entry', :action => 'list', :display_name => @user.display_name %>
-            <span class='count-number'><%= number_with_delimiter(@user.diary_entries.size) %></span>
+            <%= link_to t('user.view.my diary'), :controller => 'diary_entry', :action => 'list', :display_name => current_user.display_name %>
+            <span class='count-number'><%= number_with_delimiter(current_user.diary_entries.size) %></span>
           </li>
           <li>
-            <%= link_to t('user.view.my comments' ), :controller => 'diary_entry', :action => 'comments', :display_name => @user.display_name %>
+            <%= link_to t('user.view.my comments' ), :controller => 'diary_entry', :action => 'comments', :display_name => current_user.display_name %>
           </li>
           <li>
-            <%= link_to t('user.view.my settings'), :controller => 'user', :action => 'account', :display_name => @user.display_name %>
+            <%= link_to t('user.view.my settings'), :controller => 'user', :action => 'account', :display_name => current_user.display_name %>
           </li>
 
-          <% if @user.blocks.exists? %>
+          <% if current_user.blocks.exists? %>
             <li>
-              <%= link_to t('user.view.blocks on me'), :controller => 'user_blocks', :action => 'blocks_on', :display_name => @user.display_name %>
-              <span class='count-number'><%= number_with_delimiter(@user.blocks.active.size) %></span>
+              <%= link_to t('user.view.blocks on me'), :controller => 'user_blocks', :action => 'blocks_on', :display_name => current_user.display_name %>
+              <span class='count-number'><%= number_with_delimiter(current_user.blocks.active.size) %></span>
             </li>
           <% end %>
 
-          <% if @user and @user.moderator? and @user.blocks_created.exists? %>
+          <% if current_user and current_user.moderator? and current_user.blocks_created.exists? %>
             <li>
-              <%= link_to t('user.view.blocks by me'), :controller => 'user_blocks', :action => 'blocks_by', :display_name => @user.display_name %>
-              <span class='count-number'><%= number_with_delimiter(@user.blocks_created.active.size) %></span>
+              <%= link_to t('user.view.blocks by me'), :controller => 'user_blocks', :action => 'blocks_by', :display_name => current_user.display_name %>
+              <span class='count-number'><%= number_with_delimiter(current_user.blocks_created.active.size) %></span>
             </li>
           <% end %>
 
@@ -73,9 +73,9 @@
             <%= link_to t('user.view.comments'), :controller => 'diary_entry', :action => 'comments', :display_name => @this_user.display_name %>
           </li>
           <li>
-            <% if @user and @user.is_friends_with?(@this_user) %>
+            <% if current_user and current_user.is_friends_with?(@this_user) %>
               <%= link_to t('user.view.remove as friend'), remove_friend_path(:display_name => @this_user.display_name), :method => :post %>
-            <% elsif @user %>
+            <% elsif current_user %>
               <%= link_to t('user.view.add as friend'), make_friend_path(:display_name => @this_user.display_name), :method => :post %>
             <% else %>
               <%= link_to t('user.view.add as friend'), make_friend_path(:display_name => @this_user.display_name) %>
@@ -96,7 +96,7 @@
             </li>
           <% end %>
 
-          <% if @user and @user.moderator? %>
+          <% if current_user and current_user.moderator? %>
             <li>
             <%= link_to t('user.view.create_block'), :controller => 'user_blocks', :action => 'new', :display_name => @this_user.display_name %>
             </li>
@@ -106,7 +106,7 @@
 
       <% end %>
 
-      <% if @user and @user.administrator? %>
+      <% if current_user and current_user.administrator? %>
 
         <ul class='secondary-actions clearfix'>
           <% if ["active", "confirmed"].include? @this_user.status %>
@@ -158,7 +158,7 @@
 
   </div>
 
-  <% if @user and @user.administrator? -%>
+  <% if current_user and current_user.administrator? -%>
     <div class='admin-user-info deemphasize'>
       <small><b><%= t 'user.view.email address' %></b> <%= @this_user.email %></small>
       <% unless @this_user.creation_ip.nil? -%>
@@ -171,10 +171,10 @@
 
 <% end %>
 
-  <% if @user and @this_user.id == @user.id %>
+  <% if current_user and @this_user.id == current_user.id %>
     <% if @this_user.home_lat.nil? or @this_user.home_lon.nil? %>
       <div id="map" class="content_map">
-        <p id="no_home_location"><%= raw(t 'user.view.if set location', :settings_link => (link_to t('user.view.settings_link_text'), :controller => 'user', :action => 'account', :display_name => @user.display_name)) %></p>
+        <p id="no_home_location"><%= raw(t 'user.view.if set location', :settings_link => (link_to t('user.view.settings_link_text'), :controller => 'user', :action => 'account', :display_name => current_user.display_name)) %></p>
       </div>
     <% else %>
       <% content_for :head do %>
@@ -182,10 +182,10 @@
       <% end %>
       <%
         user_data = {
-          :lon => @user.home_lon,
-          :lat => @user.home_lat,
+          :lon => current_user.home_lon,
+          :lat => current_user.home_lat,
           :icon => image_path("marker-red.png"),
-          :description => render(:partial => "popup", :object => @user, :locals => {:type => "your location"})
+          :description => render(:partial => "popup", :object => current_user, :locals => {:type => "your location"})
         }
       %>
       <%= content_tag "div", "", :id => "map", :class => "content_map", :data => {:user => user_data} %>
diff --git a/app/views/user_blocks/_block.html.erb b/app/views/user_blocks/_block.html.erb
index 362cfd107bcf9b5c371629515958e6c239e16902..501ae92d0ca1a80defd631320be9e59c868bd24a 100644 (file)
--- a/app/views/user_blocks/_block.html.erb
+++ b/app/views/user_blocks/_block.html.erb
@@ -17,7 +17,7 @@
     <% end %>
   </td>
   <td class="<%= c1 %>"><%= link_to t('user_block.partial.show'), block %></td>
-  <td class="<%= c1 %>"><% if @user and @user.id == block.creator_id and block.active? %><%= link_to t('user_block.partial.edit'), edit_user_block_path(block) %><% end %></td>
+  <td class="<%= c1 %>"><% if current_user and current_user.id == block.creator_id and block.active? %><%= link_to t('user_block.partial.edit'), edit_user_block_path(block) %><% end %></td>
   <% if show_revoke_link %>
   <td class="<%= c1 %>"><% if block.active? %><%= link_to t('user_block.partial.revoke'), :controller => 'user_blocks', :action => 'revoke', :id => block.id %><% end %></td>
   <% end %>
diff --git a/app/views/user_blocks/blocks_by.html.erb b/app/views/user_blocks/blocks_by.html.erb
index a8d761288406adf1868850074a704d1f8a3e7ca5..d2f888e7d185f8a30ef13c06316dad0c1b8b8a73 100644 (file)
--- a/app/views/user_blocks/blocks_by.html.erb
+++ b/app/views/user_blocks/blocks_by.html.erb
@@ -4,7 +4,7 @@
 <% end %>
 
 <% unless @user_blocks.empty? %>
-<%= render :partial => 'blocks', :locals => { :show_revoke_link => (@user and @user.moderator?), :show_user_name => true, :show_creator_name => false } %>
+<%= render :partial => 'blocks', :locals => { :show_revoke_link => (current_user and current_user.moderator?), :show_user_name => true, :show_creator_name => false } %>
 <% else %>
 <p><%= t "user_block.blocks_by.empty", :name => h(@this_user.display_name) %></p>
 <% end %>
diff --git a/app/views/user_blocks/blocks_on.html.erb b/app/views/user_blocks/blocks_on.html.erb
index 8e91935ed4f5ea7ae3a122fe6e1c1d2e2a8d7ee7..3973355317d03f04d24481c7ad58d000d6358344 100644 (file)
--- a/app/views/user_blocks/blocks_on.html.erb
+++ b/app/views/user_blocks/blocks_on.html.erb
@@ -3,7 +3,7 @@
   <h1><%= raw(t('user_block.blocks_on.heading', :name => link_to(h(@this_user.display_name), {:controller => 'user', :action => 'view', :display_name => @this_user.display_name}))) %></h1>
 <% end %>
 <% unless @user_blocks.empty? %>
-<%= render :partial => 'blocks', :locals => { :show_revoke_link => (@user and @user.moderator?), :show_user_name => false, :show_creator_name => true } %>
+<%= render :partial => 'blocks', :locals => { :show_revoke_link => (current_user and current_user.moderator?), :show_user_name => false, :show_creator_name => true } %>
 <% else %>
 <p><%= t "user_block.blocks_on.empty", :name => h(@this_user.display_name) %></p>
 <% end %>
diff --git a/app/views/user_blocks/index.html.erb b/app/views/user_blocks/index.html.erb
index 8cf7e81b753a81e1b6b765a3350d137eed4a83f4..ce7f12b9150db41336b1d0c778cf1f0b9bdabbf8 100644 (file)
--- a/app/views/user_blocks/index.html.erb
+++ b/app/views/user_blocks/index.html.erb
@@ -4,7 +4,7 @@
 <% end %>
 
 <% unless @user_blocks.empty? %>
-<%= render :partial => 'blocks', :locals => { :show_revoke_link => (@user and @user.moderator?), :show_user_name => true, :show_creator_name => true } %>
+<%= render :partial => 'blocks', :locals => { :show_revoke_link => (current_user and current_user.moderator?), :show_user_name => true, :show_creator_name => true } %>
 <% else %>
 <p><%= t "user_block.index.empty" %></p>
 <% end %>
diff --git a/app/views/user_blocks/show.html.erb b/app/views/user_blocks/show.html.erb
index ccd6df06faf5b3bccee26756f5175f69cf6d7c48..cc0caa6f3f2d44590c0e39d5e83e4a517d00b60c 100644 (file)
--- a/app/views/user_blocks/show.html.erb
+++ b/app/views/user_blocks/show.html.erb
@@ -12,10 +12,10 @@
                                      {:controller => 'user', :action => 'view', :display_name => @user_block.creator.display_name})) %></h1>
 <ul class='secondary-actions clearfix'>
   <% if @user_block.ends_at > Time.now.getutc %>
-    <% if @user and @user.id == @user_block.creator_id %>
+    <% if current_user and current_user.id == @user_block.creator_id %>
       <li><%= link_to t('user_block.show.edit'), edit_user_block_path(@user_block) %></li>
     <% end %>
-    <% if @user and @user.moderator? %>
+    <% if current_user and current_user.moderator? %>
       <li><%= link_to(t('user_block.show.revoke'),{:controller => 'user_blocks', :action => 'revoke', :id => @user_block.id}) %></li>
     <% end %>
   <% end %>
diff --git a/test/controllers/user_controller_test.rb b/test/controllers/user_controller_test.rb
index 3e71ea06a166a4da6d9a2d0de1223b4dbd75f617..4dcb1108a8ae4bb0b41de22bed38997a2f596b50 100644 (file)
--- a/test/controllers/user_controller_test.rb
+++ b/test/controllers/user_controller_test.rb
@@ -782,6 +782,10 @@ class UserControllerTest < ActionController::TestCase
     get :account, :params => { :display_name => user.display_name }, :session => { :user => user }
     assert_response :success
     assert_template :account
+    assert_select "form#accountForm" do |form|
+      assert_equal "post", form.attr("method").to_s
+      assert_equal "/user/#{URI.encode(user.display_name)}/account", form.attr("action").to_s
+    end
 
     # Updating the description should work
     user.description = "new description"
diff --git a/test/helpers/application_helper_test.rb b/test/helpers/application_helper_test.rb
index 720113e65d7310081febc35fcf182ba2e3163c64..d1c41d62c105cb905197cd53303c34bd5bc7be55 100644 (file)
--- a/test/helpers/application_helper_test.rb
+++ b/test/helpers/application_helper_test.rb
@@ -1,6 +1,8 @@
 require "test_helper"
 
 class ApplicationHelperTest < ActionView::TestCase
+  attr_accessor :current_user
+
   def setup
     I18n.locale = "en"
   end
@@ -46,7 +48,7 @@ class ApplicationHelperTest < ActionView::TestCase
   end
 
   def test_style_rules
-    @user = nil
+    self.current_user = nil
 
     css = style_rules
     assert_match /\.hidden /, css
@@ -57,36 +59,36 @@ class ApplicationHelperTest < ActionView::TestCase
     assert_match /\.hide_unless_administrator /, css
     assert_match /\.hide_unless_moderator /, css
 
-    @user = create(:user)
+    self.current_user = create(:user)
 
     css = style_rules
     assert_match /\.hidden /, css
     assert_no_match /\.hide_unless_logged_in /, css
     assert_match /\.hide_if_logged_in /, css
-    assert_match /\.hide_if_user_#{@user.id} /, css
-    assert_match /\.show_if_user_#{@user.id} /, css
+    assert_match /\.hide_if_user_#{current_user.id} /, css
+    assert_match /\.show_if_user_#{current_user.id} /, css
     assert_match /\.hide_unless_administrator /, css
     assert_match /\.hide_unless_moderator /, css
 
-    @user = create(:moderator_user)
+    self.current_user = create(:moderator_user)
 
     css = style_rules
     assert_match /\.hidden /, css
     assert_no_match /\.hide_unless_logged_in /, css
     assert_match /\.hide_if_logged_in /, css
-    assert_match /\.hide_if_user_#{@user.id} /, css
-    assert_match /\.show_if_user_#{@user.id} /, css
+    assert_match /\.hide_if_user_#{current_user.id} /, css
+    assert_match /\.show_if_user_#{current_user.id} /, css
     assert_match /\.hide_unless_administrator /, css
     assert_no_match /\.hide_unless_moderator /, css
 
-    @user = create(:administrator_user)
+    self.current_user = create(:administrator_user)
 
     css = style_rules
     assert_match /\.hidden /, css
     assert_no_match /\.hide_unless_logged_in /, css
     assert_match /\.hide_if_logged_in /, css
-    assert_match /\.hide_if_user_#{@user.id} /, css
-    assert_match /\.show_if_user_#{@user.id} /, css
+    assert_match /\.hide_if_user_#{current_user.id} /, css
+    assert_match /\.show_if_user_#{current_user.id} /, css
     assert_no_match /\.hide_unless_administrator /, css
     assert_match /\.hide_unless_moderator /, css
   end
diff --git a/test/helpers/user_roles_helper_test.rb b/test/helpers/user_roles_helper_test.rb
index 880c16e5909429305533498b096e9da00cca7a10..3ffc9fbff9b5937572cb0be9b4ba688649ba668e 100644 (file)
--- a/test/helpers/user_roles_helper_test.rb
+++ b/test/helpers/user_roles_helper_test.rb
@@ -1,11 +1,12 @@
 require "test_helper"
 
 class UserRolesHelperTest < ActionView::TestCase
+  attr_accessor :current_user
+
   def test_role_icon_normal
-    user = create(:user)
-    @user = user
+    self.current_user = create(:user)
 
-    icon = role_icon(user, "moderator")
+    icon = role_icon(current_user, "moderator")
     assert_dom_equal "", icon
 
     icon = role_icon(create(:moderator_user), "moderator")
@@ -13,7 +14,7 @@ class UserRolesHelperTest < ActionView::TestCase
   end
 
   def test_role_icon_administrator
-    @user = create(:administrator_user)
+    self.current_user = create(:administrator_user)
 
     user = create(:user)
     icon = role_icon(user, "moderator")
@@ -25,10 +26,9 @@ class UserRolesHelperTest < ActionView::TestCase
   end
 
   def test_role_icons_normal
-    user = create(:user)
-    @user = user
+    self.current_user = create(:user)
 
-    icons = role_icons(user)
+    icons = role_icons(current_user)
     assert_dom_equal "  ", icons
 
     icons = role_icons(create(:moderator_user))
@@ -39,7 +39,7 @@ class UserRolesHelperTest < ActionView::TestCase
   end
 
   def test_role_icons_administrator
-    @user = create(:administrator_user)
+    self.current_user = create(:administrator_user)
 
     user = create(:user)
     icons = role_icons(user)
diff --git a/test/integration/cors_test.rb b/test/integration/cors_test.rb
index 05754da7185d4735c9a95796b98377e3befdfeee..9ff7e360e50f1c903342e293da2659dfe2706c23 100644 (file)
--- a/test/integration/cors_test.rb
+++ b/test/integration/cors_test.rb
@@ -8,15 +8,20 @@ class CORSTest < ActionDispatch::IntegrationTest
     }
 
     assert_response :success
-    assert_equal "http://www.example.com", response.headers["Access-Control-Allow-Origin"]
+    assert_equal "*", response.headers["Access-Control-Allow-Origin"]
+    assert_equal "text/plain", response.content_type
+    assert_equal "", response.body
   end
 
   def test_non_api_routes_dont_allow_cross_origin_requests
-    assert_raises ActionController::RoutingError do
-      process :options, "/", :headers => {
-        "HTTP_ORIGIN" => "http://www.example.com",
-        "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
-      }
-    end
+    process :options, "/", :headers => {
+      "HTTP_ORIGIN" => "http://www.example.com",
+      "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
+    }
+
+    assert_response :success
+    assert_nil response.headers["Access-Control-Allow-Origin"]
+    assert_nil response.content_type
+    assert_equal "", response.body
   end
 end
The OpenStreetMap web site