From c6623db61b06cd496b9358171111a0ab86a03d5a Mon Sep 17 00:00:00 2001 From: Robin Houston Date: Tue, 13 Mar 2012 00:23:12 +0000 Subject: Admin users clicking confirmation links Fixes #446. See issue for details. --- app/controllers/application_controller.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'app/controllers/application_controller.rb') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b681f455d..434f12a49 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -294,6 +294,7 @@ class ApplicationController < ActionController::Base if params[:post_redirect] and session[:post_redirect_token] post_redirect = PostRedirect.find_by_token(session[:post_redirect_token]) params.update(post_redirect.post_params) + params[:post_redirect_user] = post_redirect.user end end -- cgit v1.2.3 From 6d55519425c41cd292a7dfe0809e0e59d9504b56 Mon Sep 17 00:00:00 2001 From: Robin Houston Date: Tue, 13 Mar 2012 00:26:42 +0000 Subject: No code changes Just trailing whitespace & one comment. --- app/controllers/application_controller.rb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'app/controllers/application_controller.rb') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 434f12a49..506b57b60 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -224,15 +224,15 @@ class ApplicationController < ActionController::Base post_redirect = PostRedirect.new(:uri => request.request_uri, :post_params => params, :reason_params => reason_params) post_redirect.save! - # 'modal' controls whether the sign-in form will be displayed in the typical full-blown - # page or on its own, useful for pop-ups + # 'modal' controls whether the sign-in form will be displayed in the typical full-blown + # page or on its own, useful for pop-ups redirect_to signin_url(:token => post_redirect.token, :modal => params[:modal]) return false end return true end - def authenticated_as_user?(user, reason_params) + def authenticated_as_user?(user, reason_params) reason_params[:user_name] = user.name reason_params[:user_url] = show_user_url(:url_name => user.url_name) if session[:user_id] @@ -274,6 +274,8 @@ class ApplicationController < ActionController::Base # XXX what is the built in Ruby URI munging function that can do this # choice of & vs. ? more elegantly than this dumb if statement? if uri.include?("?") + # XXX This looks odd. What would a fragment identifier be doing server-side? + # But it also looks harmless, so I’ll leave it just in case. if uri.include?("#") uri.sub!("#", "&post_redirect=1#") else -- cgit v1.2.3 From ac108a6c3ac503dc185a12d502653fca597eeacd Mon Sep 17 00:00:00 2001 From: Robin Houston Date: Tue, 20 Mar 2012 15:06:18 +0000 Subject: Fix the "log in as" function Previously the "log in as" function after 3b6e5a692b852a88f55b21a7210f60a6f7cfc24b would attempt to log the admin user out before issuing the redirect. Unfortunately this approach does not work on WhatDoTheyKnow, where the admin pages are served via a different domain (secure.mysociety.org) and so do not share session information with the rest of the site. This commit changes it to mark the PostRedirect with circumstance == "login_as", which signals the user controller to log out the previous user even if they are an admin. In other words, the user is logged out on the main site rather than the admin site, skirting this problem. Closes #450. --- app/controllers/application_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/controllers/application_controller.rb') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 506b57b60..0508abe76 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -151,8 +151,8 @@ class ApplicationController < ActionController::Base false end - # Called from test code, is a mimic of User.confirm, for use in following email - # links when in controller tests (since we don't have full integration tests that + # Called from test code, is a mimic of UserController.confirm, for use in following email + # links when in controller tests (though we also have full integration tests that # can work over multiple controllers) def test_code_redirect_by_email_token(token, controller_example_group) post_redirect = PostRedirect.find_by_email_token(token) -- cgit v1.2.3 From 74d74416d145a49c04f62ec9659f1a564251c1b6 Mon Sep 17 00:00:00 2001 From: James McKinney Date: Mon, 2 Apr 2012 18:00:22 +0100 Subject: use Rails.root, not RAILS_ROOT --- app/controllers/application_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/application_controller.rb') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0508abe76..0ec8e206e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -178,7 +178,7 @@ class ApplicationController < ActionController::Base end def foi_fragment_cache_path(param) - path = File.join(RAILS_ROOT, 'cache', 'views', foi_fragment_cache_part_path(param)) + path = File.join(Rails.root, 'cache', 'views', foi_fragment_cache_part_path(param)) max_file_length = 255 - 35 # we subtract 35 because tempfile # adds on a variable number of # characters -- cgit v1.2.3 From 4533b28661d6ce6973becf5877e82ca5656c37d2 Mon Sep 17 00:00:00 2001 From: Seb Bacon Date: Fri, 20 Apr 2012 19:10:10 +0100 Subject: More changes and refactoring to make purges work. --- app/controllers/application_controller.rb | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'app/controllers/application_controller.rb') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0ec8e206e..0d0cca3e4 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,3 +1,4 @@ +# -*- coding: utf-8 -*- # controllers/application.rb: # Parent class of all controllers in FOI site. Filters added to this controller # apply to all controllers in the application. Likewise, all the methods added @@ -543,16 +544,6 @@ class ApplicationController < ActionController::Base return country end - def quietly_try_to_open(url) - begin - result = open(url).read.strip - rescue OpenURI::HTTPError, SocketError, Errno::ETIMEDOUT, Errno::ECONNREFUSED, Errno::EHOSTUNREACH - logger.warn("Unable to open third-party URL #{url}") - result = "" - end - return result - end - # URL generating functions are needed by all controllers (for redirects), # views (for links) and mailers (for use in emails), so include them into # all of all. -- cgit v1.2.3 From e37dceb05e564b4d90b75a8c3eacff90b8ad3d14 Mon Sep 17 00:00:00 2001 From: Seb Bacon Date: Tue, 15 May 2012 09:30:02 +0100 Subject: Allow themes to effect the design of error pages --- app/controllers/application_controller.rb | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'app/controllers/application_controller.rb') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0d0cca3e4..e354b64a4 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -120,6 +120,13 @@ class ApplicationController < ActionController::Base def rescue_action_in_public(exception) # Make sure expiry time for session is set (before_filters are # otherwise missed by this override) + begin + set_view_paths + rescue NameError => e + if !(e.message =~ /undefined local variable or method `set_view_paths'/) + raise + end + end session_remember_me case exception when ActiveRecord::RecordNotFound, ActionController::UnknownAction, ActionController::RoutingError -- cgit v1.2.3 From 014c5a221a3ac47d89de71cfd81054f39ac3759d Mon Sep 17 00:00:00 2001 From: Seb Bacon Date: Tue, 15 May 2012 09:52:11 +0100 Subject: Remove trailing whitespace (to make a cleaner forthcoming merge with wombleton:feature/440_sparkly_admin_css) --- app/controllers/application_controller.rb | 32 +++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'app/controllers/application_controller.rb') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0d0cca3e4..7e0096179 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -20,7 +20,7 @@ class ApplicationController < ActionController::Base # Send notification email on exceptions include ExceptionNotification::Notifiable - + # Note: a filter stops the chain if it redirects or renders something before_filter :authentication_check before_filter :set_gettext_locale @@ -34,7 +34,7 @@ class ApplicationController < ActionController::Base def set_vary_header response.headers['Vary'] = 'Cookie' end - + helper_method :anonymous_cache, :short_cache, :medium_cache, :long_cache def anonymous_cache(time) if session[:user_id].nil? @@ -119,7 +119,7 @@ class ApplicationController < ActionController::Base # Override default error handler, for production sites. def rescue_action_in_public(exception) # Make sure expiry time for session is set (before_filters are - # otherwise missed by this override) + # otherwise missed by this override) session_remember_me case exception when ActiveRecord::RecordNotFound, ActionController::UnknownAction, ActionController::RoutingError @@ -141,13 +141,13 @@ class ApplicationController < ActionController::Base alias original_rescue_action_locally rescue_action_locally def rescue_action_locally(exception) # Make sure expiry time for session is set (before_filters are - # otherwise missed by this override) + # otherwise missed by this override) session_remember_me # Display default, detailed error for developers original_rescue_action_locally(exception) end - + def local_request? false end @@ -208,7 +208,7 @@ class ApplicationController < ActionController::Base end end - # get the local locale + # get the local locale def locale_from_params(*args) if params[:show_locale] params[:show_locale] @@ -308,7 +308,7 @@ class ApplicationController < ActionController::Base end end - # + # def check_read_only read_only = MySociety::Config.get('READ_ONLY', '') if !read_only.empty? @@ -337,7 +337,7 @@ class ApplicationController < ActionController::Base @http_auth_user = admin_http_auth_user end - # Convert URL name for sort by order, to Xapian query + # Convert URL name for sort by order, to Xapian query def order_to_sort_by(sortby) if sortby.nil? return [nil, nil] @@ -353,7 +353,7 @@ class ApplicationController < ActionController::Base end # Function for search - def perform_search(models, query, sortby, collapse, per_page = 25, this_page = nil) + def perform_search(models, query, sortby, collapse, per_page = 25, this_page = nil) @query = query @sortby = sortby @@ -389,7 +389,7 @@ class ApplicationController < ActionController::Base collapse = 'request_collapse' end options = { - :offset => (@page - 1) * @per_page, + :offset => (@page - 1) * @per_page, :limit => @per_page, :sort_by_prefix => nil, :sort_by_ascending => true, @@ -408,7 +408,7 @@ class ApplicationController < ActionController::Base if e.message =~ /^QueryParserError: Wildcard/ # Wildcard expands to too many terms logger.info "Wildcard query '#{query.strip + '*'}' caused: #{e.message}" - + user_query = ActsAsXapian.query_parser.parse_query( query, Xapian::QueryParser::FLAG_LOVEHATE | @@ -437,8 +437,8 @@ class ApplicationController < ActionController::Base def param_exists(item) return params[item] && !params[item].empty? - end - + end + def get_request_variety_from_params query = "" sortby = "newest" @@ -463,7 +463,7 @@ class ApplicationController < ActionController::Base def get_status_from_params query = "" - if params[:latest_status] + if params[:latest_status] statuses = [] if params[:latest_status].class == String params[:latest_status] = [params[:latest_status]] @@ -514,7 +514,7 @@ class ApplicationController < ActionController::Base query = "" tags = [] if param_exists(:tags) - params[:tags].split().each do |tag| + params[:tags].split().each do |tag| tags << "tag:#{tag}" end end @@ -523,7 +523,7 @@ class ApplicationController < ActionController::Base end return query end - + def make_query_from_params query = params[:query] || "" if query.nil? query += get_date_range_from_params -- cgit v1.2.3 From 4593cc9e546878d69f795ce75808aae60656213c Mon Sep 17 00:00:00 2001 From: Seb Bacon Date: Tue, 15 May 2012 11:21:30 +0100 Subject: Add a comment to explain why we're calling `set_view_paths` in the controller when the method doesn't exist in Alaveteli code. See [this comment](https://github.com/sebbacon/alaveteli/issues/320#issuecomment-5711523) for discussion. --- app/controllers/application_controller.rb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'app/controllers/application_controller.rb') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e354b64a4..47accae1c 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -118,8 +118,11 @@ class ApplicationController < ActionController::Base # Override default error handler, for production sites. def rescue_action_in_public(exception) - # Make sure expiry time for session is set (before_filters are - # otherwise missed by this override) + # Call `set_view_paths` from the theme, if it exists. + # Normally, this is called by the theme itself in a + # :before_filter, but when there's an error, this doesn't + # happen. By calling it here, we can ensure error pages are + # still styled according to the theme. begin set_view_paths rescue NameError => e @@ -127,6 +130,8 @@ class ApplicationController < ActionController::Base raise end end + # Make sure expiry time for session is set (before_filters are + # otherwise missed by this override) session_remember_me case exception when ActiveRecord::RecordNotFound, ActionController::UnknownAction, ActionController::RoutingError -- cgit v1.2.3