From: Tom Hughes <tom@compton.nu>
Date: Wed, 20 Apr 2011 19:57:01 +0000 (+0100)
Subject: Allow user details to be fetched without agreeing terms
X-Git-Tag: live~6234^2~34
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/02e186ee5b1162cf726ccb09929a9cbf80e2efbe?ds=inline

Allow user details to be fetched without agreeing terms
---

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8062c9fe3..6c19b3a52 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -18,7 +18,7 @@ class ApplicationController < ActionController::Base
 
         # don't allow access to any auth-requiring part of the site unless
         # the new CTs have been seen (and accept/decline chosen).
-      elsif !@user.terms_seen and flash[:showing_terms].nil?
+      elsif !@user.terms_seen and flash[:skip_terms].nil?
         flash[:notice] = t 'user.terms.you need to accept or decline'
         if params[:referer]
           redirect_to :controller => "user", :action => "terms", :referer => params[:referer]
@@ -120,7 +120,7 @@ class ApplicationController < ActionController::Base
       # if the user hasn't seen the contributor terms then don't
       # allow editing - they have to go to the web site and see
       # (but can decline) the CTs to continue.
-      if REQUIRE_TERMS_SEEN and not @user.terms_seen
+      if REQUIRE_TERMS_SEEN and not @user.terms_seen and flash[:skip_terms].nil?
         set_locale
         report_error t('application.setup_user_auth.need_to_see_terms'), :forbidden
       end
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index de43fee14..97b0de73c 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -1,7 +1,7 @@
 class UserController < ApplicationController
   layout :choose_layout
 
-  before_filter :disable_terms_redirect, :only => [:terms, :save, :logout]
+  before_filter :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details]
   before_filter :authorize, :only => [:api_details, :api_gpx_files]
   before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
   before_filter :set_locale, :except => [:api_details, :api_gpx_files]
@@ -522,6 +522,6 @@ private
     # this is necessary otherwise going to the user terms page, when 
     # having not agreed already would cause an infinite redirect loop.
     # it's .now so that this doesn't propagate to other pages.
-    flash.now[:showing_terms] = true
+    flash.now[:skip_terms] = true
   end
 end
diff --git a/test/integration/user_blocks_test.rb b/test/integration/user_blocks_test.rb
index ecd1d37c5..b4ca49022 100644
--- a/test/integration/user_blocks_test.rb
+++ b/test/integration/user_blocks_test.rb
@@ -38,9 +38,6 @@ class UserBlocksTest < ActionController::IntegrationTest
 
     # revoke the ban
     get '/login'
-    assert_response :redirect
-    assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true"
-    follow_redirect!
     assert_response :success
     post '/login', {'user[email]' => moderator.email, 'user[password]' => "test", :referer => "/blocks/#{block.id}/revoke"}
     assert_response :redirect