diff options
| author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-05-10 11:35:02 +0200 |
|---|---|---|
| committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-05-11 08:27:43 +0200 |
| commit | a5cb2fe2e09b9b758905693360ecc680ff4afe2a (patch) | |
| tree | a8b72984709ac8bceb4d1f3a79e7e24893abdec0 /app/controllers/application_controller.rb | |
| parent | 35816eb7be76aa1a26dcf2f9cfeddf7c60b2da26 (diff) | |
| download | gitlab-ce-a5cb2fe2e09b9b758905693360ecc680ff4afe2a.tar.gz | |
Allow a user to sign out when on the terms page
Before we would block the `sign_out` request when the user did not
accept the terms, therefore redirecting them to the terms again.
By allowing all request to devise controllers, we avoid this problem.
Diffstat (limited to 'app/controllers/application_controller.rb')
| -rw-r--r-- | app/controllers/application_controller.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 2caffec66ac..2843d70c645 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -13,8 +13,7 @@ class ApplicationController < ActionController::Base before_action :authenticate_sessionless_user! before_action :authenticate_user! - before_action :enforce_terms!, if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms }, - unless: :peek_request? + before_action :enforce_terms!, if: :should_enforce_terms? before_action :validate_user_service_ticket! before_action :check_password_expiration before_action :ldap_security_check @@ -373,4 +372,10 @@ class ApplicationController < ActionController::Base def peek_request? request.path.start_with?('/-/peek') end + + def should_enforce_terms? + return false unless Gitlab::CurrentSettings.current_application_settings.enforce_terms + + !(peek_request? || devise_controller?) + end end |