Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb33
1 files changed, 32 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8ad13a82f89..2caffec66ac 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -13,12 +13,14 @@ class ApplicationController < ActionController::Base
before_action :authenticate_sessionless_user!
before_action :authenticate_user!
+ before_action :enforce_terms!, if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms },
+ unless: :peek_request?
before_action :validate_user_service_ticket!
before_action :check_password_expiration
before_action :ldap_security_check
before_action :sentry_context
before_action :default_headers
- before_action :add_gon_variables, unless: -> { request.path.start_with?('/-/peek') }
+ before_action :add_gon_variables, unless: :peek_request?
before_action :configure_permitted_parameters, if: :devise_controller?
before_action :require_email, unless: :devise_controller?
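Review bot: The `unless: :peek_request?` exemption on the new `enforce_terms!` filter relies on a bare prefix test, so any path that merely begins with `/-/peek` skips terms enforcement, not only the profiler endpoints. That was harmless while the predicate only gated `add_gon_variables`, but it now decides whether a policy check runs. Consider tightening the helper to `request.path == '/-/peek' || request.path.start_with?('/-/peek/')`. It is also worth confirming, outside this hunk, that the terms and sign-out controllers skip this filter, otherwise a user who has not accepted would presumably be redirected in a loop.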
@@ -269,6 +271,27 @@ class ApplicationController < ActionController::Base
end
end
+ def enforce_terms!
+ return unless current_user
+ return if current_user.terms_accepted?
+
+ if sessionless_user?
+ render_403
+ else
+ # Redirect to the destination if the request is a get.
+ # Redirect to the source if it was a post, so the user can re-submit after
+ # accepting the terms.
+ redirect_path = if request.get?
+ request.fullpath
+ else
+ URI(request.referer).path if request.referer
+ end
+
+ flash[:notice] = _("Please accept the Terms of Service before continuing.")
+ redirect_to terms_path(redirect: redirect_path), status: :found
+ end
+ end
+
def import_sources_enabled?
!Gitlab::CurrentSettings.import_sources.empty?
end
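Review bot: In the non-GET branch of `enforce_terms!`, `URI(request.referer).path` parses a client-supplied header with no error handling, so a malformed Referer raises `URI::InvalidURIError` and the request ends in a 500 instead of a redirect to the terms page. Moving the parse into a small helper that rescues the error and returns nil keeps the filter failing closed: the user is still sent to the terms page, just without a return path. Because the value is forwarded as the `redirect:` parameter, whatever consumes it (not visible here) should still treat it as untrusted and follow it only when it is a local path.

```ruby
      redirect_path = request.get? ? request.fullpath : referer_path
      # … unchanged: flash notice and redirect_to terms_path …

  # Path component of the Referer header, or nil when absent or unparseable.
  def referer_path
    URI(request.referer).path if request.referer
  rescue URI::InvalidURIError
    nil
  end
```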
@@ -342,4 +365,12 @@ class ApplicationController < ActionController::Base
# Per https://tools.ietf.org/html/rfc5987, headers need to be ISO-8859-1, not UTF-8
response.headers['Page-Title'] = URI.escape(page_title('GitLab'))
end
+
+ def sessionless_user?
+ current_user && !session.keys.include?('warden.user.user.key')
+ end
+
+ def peek_request?
+ request.path.start_with?('/-/peek')
+ end
end
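Review bot: `sessionless_user?` hard-codes Warden's session key `'warden.user.user.key'`, and the 403-versus-redirect decision in `enforce_terms!` now depends on it, so it deserves a comment such as `# True when the user was authenticated for this request only (no Warden user key in the session), presumably via a token`. `session.key?('warden.user.user.key')` expresses the same test without building the full key list. Both helpers are added at the end of the class, and whether they sit under `private` is not visible in this hunk. They should, since public controller methods can be routed as actions.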