db/migrate/20091010132954_add_tos_to_users.rb @@ -56,16 +56,6 @@ class ApplicationController < ActionController::Base }) end - # Users created with RPX can in some cases be invalid, e.g. they may have - # empty email addresses. - def valid_login_required - login_required - if current_user && !current_user.valid? - flash[:notice] = "Please update your profile with valid information." - redirect_to edit_user_url(current_user) - end - end - def check_permissions case params[:action] when 'edit' then app/controllers/application_controller.rb @@ -52,7 +52,8 @@ class User < ActiveRecord::Base c.merge_validates_format_of_login_field_options :if => Proc.new { |user| !user.from_rpx } end - validates_acceptance_of :tos, :if => Proc.new { |user| !user.from_rpx } + validates_acceptance_of :tos, :allow_nil => false, :accept => true, + :if => Proc.new { |user| !user.from_rpx } has_role app/models/user.rb @@ -1,5 +1,8 @@ <% # We only enable live validations for user signups, since the plugin # fails on edits. (complains about values already being taken, etc) %> + +<%= error_messages_for 'user' %> + <% form_for(@user, :live_validations => (@user.new_record? ? true : false)) do |f| -%> <p><label for="user_login">User name</label> <%= error_message_for @user, :login %><br/> @@ -38,14 +41,12 @@ <%= f.check_box :remember %> <em>Automatically login in the future; not for shared computers!</em></p> -<% if @user.new_record? -%> <p><label for="user_tos">My contributed texts (package reviews, etc) will be available under Creative Commons Attribution 3.0 except private data (password, email address)</label> <%= error_message_for @user, :tos %><br/> <%= f.check_box :tos %> -<em>You must accepts the license terms before continuing.</em></p> -<% end %> +<em>You must accept the license terms.</em></p> <p><%= f.submit(@user.new_record? ? 'Sign up' : 'Save details') %></p> <% end -%> app/views/users/_form.html.erb @@ -9,7 +9,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20090812104328) do +ActiveRecord::Schema.define(:version => 20091010132954) do create_table "author", :force => true do |t| t.string "name" @@ -214,6 +214,7 @@ ActiveRecord::Schema.define(:version => 20090812104328) do t.datetime "current_login_at" t.string "last_login_ip" t.string "current_login_ip" + t.boolean "tos" end add_index "user", ["last_request_at"], :name => "index_user_on_last_request_at" db/schema.rb @@ -18,7 +18,14 @@ module AuthenticatedSystem end def login_required - logged_in? || access_denied + return access_denied unless logged_in? + # Users created with RPX can in some cases be invalid, e.g. they may have + # empty email addresses. + unless current_user.valid? or (["edit", "update"].include?(request.params["action"]) && + request.params["controller"] == "users") + flash[:notice] = "Please update your profile with valid information." + redirect_to edit_user_url(current_user) + end end alias :require_user :login_required lib/authenticated_system.rb @@ -16,6 +16,7 @@ User.blueprint do email password { "test" } password_confirmation { "test" } + tos { true } end Version.blueprint do spec/blueprints.rb @@ -94,7 +94,8 @@ describe UserMailer do before(:each) do @user = User.create(:login => "Helene", :email => "helene@helene.no", - :password => "1234", :password_confirmation => "1234") + :password => "1234", :password_confirmation => "1234", + :tos => true) end describe "when sending an e-mail" do spec/models/user_spec.rb @@ -5,6 +5,7 @@ module AuthHelper def login_as(model, id_or_attributes = {}) attributes = id_or_attributes.is_a?(Fixnum) ? {:id => id} : id_or_attributes + attributes.update({:valid? => true}) @current_user = stub_model(model, attributes) target = controller rescue template target.instance_variable_set '@current_user', @current_user spec/support/auth_helper.rb 6a99b97a48846b79574ace50459b377f49b58b74 Bjørn Arild Mæland bjorn.maeland@gmail.com http://github.com/hadley/crantastic/commit/aa50198f728e9b5b66eed3d4ea122f1392fcda59 aa50198f728e9b5b66eed3d4ea122f1392fcda59 2009-10-10T06:56:27-07:00 2009-10-10T06:56:27-07:00 Always confirm that the user's profile is valid (e.g. accepted terms of service, valid email, etc). To make this work, we're now storing TOS acceptance in the database. This means that everyone will have to accept the TOS again. cdc205ed93535976858a4b11ef1f125a7b1b55ad Bjørn Arild Mæland bjorn.maeland@gmail.com