|
|
|
module ActiveRecord
|
|
|
|
class PremissionDenied < RuntimeError
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
class ApplicationController < LinguaFrancaApplicationController
|
|
|
|
# Prevent CSRF attacks by raising an exception.
|
|
|
|
# For APIs, you may want to use :null_session instead.
|
|
|
|
protect_from_forgery with: :exception, :except => [:do_confirm]
|
|
|
|
|
|
|
|
before_filter :capture_page_info
|
|
|
|
|
|
|
|
@@test_host
|
|
|
|
@@test_location
|
|
|
|
|
|
|
|
def capture_page_info
|
|
|
|
# set the translator to the current user if we're logged in
|
|
|
|
I18n.config.translator = current_user
|
|
|
|
|
|
|
|
# get the current confernece and set it globally
|
|
|
|
@conference = Conference.order("start_date DESC").first
|
|
|
|
|
|
|
|
# add some style sheets
|
|
|
|
@stylesheets ||= Array.new
|
|
|
|
# add the translations stylesheet if translating
|
|
|
|
@stylesheets << params[:controller] if params[:controller] == 'translations'
|
|
|
|
|
|
|
|
ActionMailer::Base.default_url_options = {:host => "#{request.protocol}#{request.host_with_port}"}
|
|
|
|
|
|
|
|
if request.post? && params[:action] == 'do_confirm'
|
|
|
|
halt_redirection!
|
|
|
|
end
|
|
|
|
|
|
|
|
# call the base method to detect the language
|
|
|
|
super
|
|
|
|
end
|
|
|
|
|
|
|
|
def policy
|
|
|
|
@is_policy_page = true
|
|
|
|
end
|
|
|
|
|
|
|
|
def robots
|
|
|
|
robot = is_production? && !is_test_server? ? 'live' : 'dev'
|
|
|
|
render :text => File.read("config/robots-#{robot}.txt"), :content_type => 'text/plain'
|
|
|
|
end
|
|
|
|
|
|
|
|
def humans
|
|
|
|
render :text => File.read("config/humans.txt"), :content_type => 'text/plain'
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.set_host(host)
|
|
|
|
@@test_host = host
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.set_location(location)
|
|
|
|
@@test_location = location
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.get_location()
|
|
|
|
@@test_location
|
|
|
|
end
|
|
|
|
|
|
|
|
def do_404
|
|
|
|
render 'application/404', status: 404
|
|
|
|
end
|
|
|
|
|
|
|
|
def error_404
|
|
|
|
render 'application/404'
|
|
|
|
end
|
|
|
|
|
|
|
|
def do_403(template = nil)
|
|
|
|
@template = template
|
|
|
|
render 'application/permission_denied', status: 403
|
|
|
|
end
|
|
|
|
|
|
|
|
rescue_from ActiveRecord::RecordNotFound do |exception|
|
|
|
|
do_404
|
|
|
|
end
|
|
|
|
|
|
|
|
rescue_from ActiveRecord::PremissionDenied do |exception|
|
|
|
|
do_403
|
|
|
|
end
|
|
|
|
|
|
|
|
rescue_from AbstractController::ActionNotFound do |exception|
|
|
|
|
@banner_image = 'grafitti.jpg'
|
|
|
|
|
|
|
|
if current_user
|
|
|
|
@page_title = nil#'page_titles.Please_Login'
|
|
|
|
do_403 'not_a_translator'
|
|
|
|
#return
|
|
|
|
else
|
|
|
|
@page_title = 'page_titles.403.Please_Login'
|
|
|
|
do_403 'translator_login'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def generate_confirmation(user, url, expiry = nil)
|
|
|
|
if user.is_a? String
|
|
|
|
user = User.find_by_email(user)
|
|
|
|
|
|
|
|
# if the user doesn't exist, just show them a 403
|
|
|
|
do_403 unless user
|
|
|
|
end
|
|
|
|
expiry ||= (Time.now + 12.hours)
|
|
|
|
session[:confirm_uid] = user.id
|
|
|
|
#confirmation = EmailConfirmation.create(user_id: user.id, expiry: expiry, url: url)
|
|
|
|
#UserMailer.email_confirmation(confirmation).deliver_now
|
|
|
|
UserMailer.send_mail :email_confirmation do
|
|
|
|
{
|
|
|
|
:args => EmailConfirmation.create(user_id: user.id, expiry: expiry, url: url)
|
|
|
|
}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def do_confirm(settings = nil)
|
|
|
|
settings ||= {:template => 'login_confirmation_sent'}
|
|
|
|
if params[:email]
|
|
|
|
# see if we've already sent the confirmation email and are just confirming
|
|
|
|
# the email address
|
|
|
|
if params[:token]
|
|
|
|
user = User.find_by_email(params[:email])
|
|
|
|
confirm(user)
|
|
|
|
return
|
|
|
|
end
|
|
|
|
user = User.find_by_email(params[:email])
|
|
|
|
|
|
|
|
if !user
|
|
|
|
# not really a good UX so we should fix this later
|
|
|
|
#do_404
|
|
|
|
#return
|
|
|
|
user = User.new(:email => params[:email])
|
|
|
|
user.save!
|
|
|
|
user = User.find_by_email(params[:email])
|
|
|
|
end
|
|
|
|
|
|
|
|
# genereate the confirmation, send the email and show the 403
|
|
|
|
referrer = request.referer.gsub(/^.*?\/\/.*?\//, '/')
|
|
|
|
generate_confirmation(params[:email], referrer)
|
|
|
|
template = 'login_confirmation_sent'
|
|
|
|
@page_title ||= 'page_titles.403.Please_Check_Email'
|
|
|
|
|
|
|
|
if (conference = /^\/conferences\/(\w+)\/register\/?$/.match(request.referrer.gsub(/^https?:\/\/.*?\//, '/')))
|
|
|
|
@this_conference = Conference.find_by!(slug: conference[1])
|
|
|
|
@banner_image = @this_conference.cover_url
|
|
|
|
template = 'conferences/email_confirm'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
if request.post?
|
|
|
|
@banner_image ||= 'grafitti.jpg'
|
|
|
|
@page_title ||= 'page_titles.403.Please_Login'
|
|
|
|
|
|
|
|
do_403 (template || 'translator_login')
|
|
|
|
else
|
|
|
|
do_404
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def confirm(uid = nil)
|
|
|
|
@confirmation = EmailConfirmation.find_by_token!(params[:token])
|
|
|
|
|
|
|
|
confirm_user = nil
|
|
|
|
if uid.is_a?(User)
|
|
|
|
confirm_user = uid
|
|
|
|
uid = confirm_user.id
|
|
|
|
end
|
|
|
|
# check to see if we were given a user id to confirm against
|
|
|
|
# if we were, make sure it was the same one
|
|
|
|
if (uid ||= (params[:uid] || session[:confirm_uid]))
|
|
|
|
if uid == @confirmation.user_id
|
|
|
|
session[:uid] = nil
|
|
|
|
confirm_user ||= User.find uid
|
|
|
|
auto_login(confirm_user)
|
|
|
|
else
|
|
|
|
@confirmation.delete
|
|
|
|
end
|
|
|
|
|
|
|
|
redirect_to (@confirmation.url || '/')
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
@banner_image = 'grafitti.jpg'
|
|
|
|
@page_title = 'page_titles.403.Please_Confirm_Email'
|
|
|
|
do_403 'login_confirm'
|
|
|
|
end
|
|
|
|
|
|
|
|
def translator_request
|
|
|
|
@banner_image = 'grafitti.jpg'
|
|
|
|
@page_title = 'page_titles.403.Translator_Request_Sent'
|
|
|
|
do_403 'translator_request_sent'
|
|
|
|
end
|
|
|
|
|
|
|
|
def user_logout
|
|
|
|
logout()
|
|
|
|
redirect_to (params[:url] || '/')
|
|
|
|
end
|
|
|
|
|
|
|
|
def login_user(u)
|
|
|
|
auto_login(u)
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|