OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
openproject/app/controllers/concerns/accounts/user_consent.rb

104 lines
3.1 KiB

#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) 2012-2021 the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See docs/COPYRIGHT.rdoc for more details.
#++
##
# Intended to be used by the AccountController to implement the user consent
# check.
module Accounts::UserConsent
include ::UserConsentHelper
def consent
if consent_required?
render 'account/consent', locals: { consenting_user: consenting_user }
else
consent_finished
end
end
def confirm_consent
user = consenting_user
if user.present? && consent_param?
approve_consent!(user)
else
reject_consent!
end
end
def consent_required?
# Ensure consent is enabled and a text is provided
return false unless user_consent_required?
# Require the user to consent if he hasn't already
consent_expired?
end
def decline_consent
message = I18n.t('consent.decline_warning_message') + "\n"
message <<
if Setting.consent_decline_mail
I18n.t('consent.contact_this_mail_address', mail_address: Setting.consent_decline_mail)
else
I18n.t('consent.contact_your_administrator')
end
flash[:error] = message
redirect_to authentication_stage_failure_path :consent
end
def consent_expired?
consented_at = consenting_user.try(:consented_at)
# Always if the user has not consented
return true if consented_at.blank?
# Did not expire if no consent_time set, but user has consented at some point
return false if Setting.consent_time.blank?
# Otherwise, expires when consent_time is newer than last consented_at
consented_at < Setting.consent_time
end
def consenting_user
User.find_by id: session[:authenticated_user_id]
end
def approve_consent!(user)
user.update_column(:consented_at, DateTime.now)
consent_finished
end
def consent_finished
redirect_to authentication_stage_complete_path(:consent)
end
def reject_consent!
flash[:error] = I18n.t('consent.failure_message')
redirect_to authentication_stage_failure_path :consent
end
end