From ac108a6c3ac503dc185a12d502653fca597eeacd Mon Sep 17 00:00:00 2001 From: Robin Houston Date: Tue, 20 Mar 2012 15:06:18 +0000 Subject: Fix the "log in as" function Previously the "log in as" function after 3b6e5a692b852a88f55b21a7210f60a6f7cfc24b would attempt to log the admin user out before issuing the redirect. Unfortunately this approach does not work on WhatDoTheyKnow, where the admin pages are served via a different domain (secure.mysociety.org) and so do not share session information with the rest of the site. This commit changes it to mark the PostRedirect with circumstance == "login_as", which signals the user controller to log out the previous user even if they are an admin. In other words, the user is logged out on the main site rather than the admin site, skirting this problem. Closes #450. --- app/controllers/user_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/user_controller.rb') diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 403cb9684..08726183e 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -182,7 +182,7 @@ class UserController < ApplicationController return end - if !User.stay_logged_in_on_redirect?(@user) + if !User.stay_logged_in_on_redirect?(@user) || post_redirect.circumstance == "login_as" @user = post_redirect.user @user.email_confirmed = true @user.save! -- cgit v1.2.3 From 014c5a221a3ac47d89de71cfd81054f39ac3759d Mon Sep 17 00:00:00 2001 From: Seb Bacon Date: Tue, 15 May 2012 09:52:11 +0100 Subject: Remove trailing whitespace (to make a cleaner forthcoming merge with wombleton:feature/440_sparkly_admin_css) --- app/controllers/user_controller.rb | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'app/controllers/user_controller.rb') diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 08726183e..76c56c442 100644 
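Review bot: The added `|| post_redirect.circumstance == "login_as"` arm sends an admin impersonation through the same branch that sets `@user.email_confirmed = true` and saves, so using "log in as" on an unconfirmed account would mark its address as verified without the owner ever following a confirmation link. If that side effect is not intended, guard it with `@user.email_confirmed = true unless post_redirect.circumstance == "login_as"`. The session switch now depends only on holding a PostRedirect whose circumstance is "login_as", so it is worth confirming outside this hunk that such records can be created only from the admin interface and do not stay valid for long. A comment such as `# "login_as" is set by the admin interface; it replaces the current session even when that session belongs to an admin` would record why the extra condition exists. The enclosing action starts and ends outside the hunk.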
--- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -9,7 +9,7 @@ class UserController < ApplicationController layout :select_layout - + protect_from_forgery :only => [ :contact, :set_profile_photo, :signchangeemail, @@ -33,7 +33,7 @@ class UserController < ApplicationController @show_profile = false @show_requests = true end - + @display_user = User.find(:first, :conditions => [ "url_name = ? and email_confirmed = ?", params[:url_name], true ]) if not @display_user raise ActiveRecord::RecordNotFound.new("user not found, url_name=" + params[:url_name]) @@ -55,7 +55,7 @@ class UserController < ApplicationController end @xapian_requests = perform_search([InfoRequestEvent], requests_query, 'newest', 'request_collapse') @xapian_comments = perform_search([InfoRequestEvent], comments_query, 'newest', nil) - + if (@page > 1) @page_desc = " (page " + @page.to_s + ")" else @@ -129,7 +129,7 @@ class UserController < ApplicationController session[:user_id] = @user_signin.id session[:user_circumstance] = nil session[:remember_me] = params[:remember_me] ? true : false - + if is_modal_dialog render :action => 'signin_successful' else @@ -319,7 +319,7 @@ class UserController < ApplicationController if (not session[:user_circumstance]) or (session[:user_circumstance] != "change_email") # don't store the password in the db params[:signchangeemail].delete(:password) - post_redirect = PostRedirect.new(:uri => signchangeemail_url(), + post_redirect = PostRedirect.new(:uri => signchangeemail_url(), :post_params => params, :circumstance => "change_email" # special login that lets you change your email ) 
@@ -538,12 +538,12 @@ class UserController < ApplicationController def is_modal_dialog (params[:modal].to_i != 0) end - + # when logging in through a modal iframe, don't display chrome around the content def select_layout is_modal_dialog ? 'no_chrome' : 'default' end - + # Decide where we are going to redirect back to after signin/signup, and record that def work_out_post_redirect # Redirect to front page later if nothing else specified -- cgit v1.2.3 From 53ea4e4232375395e67050aec4d57a6cd4082d8d Mon Sep 17 00:00:00 2001 From: Seb Bacon Date: Mon, 14 May 2012 18:21:42 +0100 Subject: Support "following" functionality: * Change "email me about stuff" wording to "follow" throughout * Introduce a new flag that the user can set, which controls if they get email alerts * Add a new link to a "wall" for logged in users where they can see a feed of all the things they're following --- app/controllers/user_controller.rb | 58 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) (limited to 'app/controllers/user_controller.rb') diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 76c56c442..18fae7024 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -6,6 +6,8 @@ # # $Id: user_controller.rb,v 1.71 2009-09-17 07:51:47 francis Exp $ +require 'set' + class UserController < ApplicationController layout :select_layout 
@@ -89,6 +91,50 @@ class UserController < ApplicationController end + # Show the user's wall + def wall + long_cache + @display_user = User.find(:first, :conditions => [ "url_name = ? and email_confirmed = ?", params[:url_name], true ]) + if not @display_user + raise ActiveRecord::RecordNotFound.new("user not found, url_name=" + params[:url_name]) + end + @is_you = !@user.nil? && @user.id == @display_user.id + feed_results = Set.new + # Use search query for this so can collapse and paginate easily + # XXX really should just use SQL query here rather than Xapian. + begin + requests_query = 'requested_by:' + @display_user.url_name + comments_query = 'commented_by:' + @display_user.url_name + # XXX combine these as OR query + @xapian_requests = perform_search([InfoRequestEvent], requests_query, 'newest', 'request_collapse') + @xapian_comments = perform_search([InfoRequestEvent], comments_query, 'newest', nil) + rescue + @xapian_requests = nil + @xapian_comments = nil + end + + feed_results += @xapian_requests.results.map {|x| x[:model]} if !@xapian_requests.nil? + feed_results += @xapian_comments.results.map {|x| x[:model]} if !@xapian_comments.nil? + + # All tracks for the user + if @is_you + @track_things = TrackThing.find(:all, :conditions => ["tracking_user_id = ? and track_medium = ?", @display_user.id, 'email_daily'], :order => 'created_at desc') + end + for track_thing in @track_things + # XXX factor out of track_mailer.rb + xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 100, 1) + feed_results += xapian_object.results.map {|x| x[:model]} + end + + @feed_results = Array(feed_results).sort {|x,y| y.created_at <=> x.created_at} + + respond_to do |format| + format.html { @has_json = true } + format.json { render :json => @display_user.json_for_api } + end + + end + # Login form def signin work_out_post_redirect 
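Review bot: `wall` calls `long_cache` on its first line but then builds a viewer-dependent response, because the followed-items feed is added only when `@is_you` is true. `long_cache` is defined outside this hunk; if it emits long-lived or shared cache headers, an intermediate cache could hand the owner's personalised wall to other visitors, so the call would be safer placed after the `@is_you` assignment as `long_cache unless @is_you`. Separately, the bare `rescue` around the two `perform_search` calls discards every StandardError without a trace, which makes a broken search index look like an empty wall. Changing it to `rescue => e` with `logger.warn("wall search failed: #{e.message}")` keeps the best-effort behaviour while leaving something to investigate.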
@@ -533,6 +579,18 @@ class UserController < ApplicationController end end + # Change about me text on your profile page + def set_receive_email_alerts + if authenticated_user.nil? + flash[:error] = _("You need to be logged in to edit your profile.") + redirect_to frontpage_url + return + end + @user.receive_email_alerts = params[:receive_email_alerts] + @user.save! + redirect_to request.headers['HTTP_REFERER'] + end + private def is_modal_dialog -- cgit v1.2.3 From 1dbe19adc51bc06c8a382e971df0d321033e03a0 Mon Sep 17 00:00:00 2001 From: Seb Bacon Date: Wed, 16 May 2012 09:09:25 +0100 Subject: Limit the number of results returned on the wall --- app/controllers/user_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/controllers/user_controller.rb') diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 18fae7024..72e9f63f1 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -122,11 +122,11 @@ class UserController < ApplicationController end for track_thing in @track_things # XXX factor out of track_mailer.rb - xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 100, 1) + xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 20, 1) feed_results += xapian_object.results.map {|x| x[:model]} end - @feed_results = Array(feed_results).sort {|x,y| y.created_at <=> x.created_at} + @feed_results = Array(feed_results).sort {|x,y| y.created_at <=> x.created_at}.first(20) respond_to do |format| format.html { @has_json = true } -- cgit v1.2.3 From e2820105a698d8af93c213f5df31578acda545fe Mon Sep 17 00:00:00 2001 
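Review bot: `set_receive_email_alerts` changes account state, but this commit does not add it to the `protect_from_forgery :only => [ :contact, :set_profile_photo, :signchangeemail, ...` list at the top of the controller; the diffstat shows only the insertions in these three hunks. Unless the list is extended elsewhere, a cross-site request could switch a logged-in user's alerts on or off, so add `:set_receive_email_alerts` to that list and check that the form submits the authenticity token. `params[:receive_email_alerts]` is also assigned to the model unchecked, and mapping it to an explicit true/false before `save!` would keep unexpected values out of the column. The comment above the method was copied from another action and should read `# Turn email alerts for followed items on or off`.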
From: Seb Bacon Date: Wed, 16 May 2012 12:03:31 +0100 Subject: Make it possible to view other people's activities on their own walls. --- app/controllers/user_controller.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'app/controllers/user_controller.rb') diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 72e9f63f1..ef013ad1e 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -119,11 +119,11 @@ class UserController < ApplicationController # All tracks for the user if @is_you @track_things = TrackThing.find(:all, :conditions => ["tracking_user_id = ? and track_medium = ?", @display_user.id, 'email_daily'], :order => 'created_at desc') - end - for track_thing in @track_things - # XXX factor out of track_mailer.rb - xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 20, 1) - feed_results += xapian_object.results.map {|x| x[:model]} + for track_thing in @track_things + # XXX factor out of track_mailer.rb + xapian_object = InfoRequest.full_search([InfoRequestEvent], track_thing.track_query, 'described_at', true, nil, 20, 1) + feed_results += xapian_object.results.map {|x| x[:model]} + end end @feed_results = Array(feed_results).sort {|x,y| y.created_at <=> x.created_at}.first(20) -- cgit v1.2.3 From 6fafad02cfa746a04281ffe4951d0d89ba322f6d Mon Sep 17 00:00:00 2001 From: Seb Bacon Date: Wed, 16 May 2012 12:04:23 +0100 Subject: Test for user turning email alerts off. Also includes a fix not to rely on HTTP_REFERER for subsequent redirect. --- app/controllers/user_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/user_controller.rb') diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index ef013ad1e..e56c4dd33 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb 
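Review bot: The loop now nested under `if @is_you` runs one `InfoRequest.full_search` for every row returned by `TrackThing.find(:all, ...)`, and that find has no `:limit`, so the cost of rendering the owner's wall grows with the number of things they follow. Only 20 items survive the `.first(20)` on the following line, so consider bounding the work, for example by adding `:limit => 20` to the find (which would restrict the feed to the most recent tracks) or by combining the track queries into a single search. These calls appear to sit outside any error handling in the visible lines, so a single stored `track_query` that the search backend rejects would presumably fail the whole page. As a style point, `@track_things.each do |track_thing|` is preferred over `for ... in`, which leaks its loop variable into the method scope.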
@@ -588,7 +588,7 @@ class UserController < ApplicationController end @user.receive_email_alerts = params[:receive_email_alerts] @user.save! - redirect_to request.headers['HTTP_REFERER'] + redirect_to params[:came_from] end private -- cgit v1.2.3
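Review bot: `redirect_to params[:came_from]` sends the browser to whatever address the request supplies, which makes this action an open redirect off a trusted domain, and a missing parameter makes `redirect_to` raise. Accept only a local path and fall back otherwise, e.g. `came_from = params[:came_from].to_s` followed by `redirect_to(came_from =~ %r{\A/(?![/\\])} ? came_from : frontpage_url)`. If the form passes an absolute URL instead, compare its host with the site's own host before redirecting. The method begins outside the hunk, so the authentication check that precedes these lines is not shown here.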