From 1858d7e58603766adb1e3074377dc9792c893273 Mon Sep 17 00:00:00 2001
From: Felix Wolfsteller
Date: Thu, 24 Sep 2020 08:46:28 +0200
Subject: [PATCH] add TermsAcceptance pseudo-resource, app/views/contacts/_form.html.haml
---
 app/controllers/application_controller.rb | 17 +++++++++-
 .../terms_acceptances_controller.rb | 33 +++++++++++++++++++
 app/views/terms_acceptances/show.html.haml | 26 +++++++++++++++
 config/locales/de.yml | 5 +++
 config/routes.rb | 2 ++
 test/system/tos_test.rb | 17 +++++++++-
 6 files changed, 98 insertions(+), 2 deletions(-)
 create mode 100644 app/controllers/terms_acceptances_controller.rb
 create mode 100644 app/views/terms_acceptances/show.html.haml
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 54ce1c3..ff37c6c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,7 +4,7 @@ class ApplicationController < ActionController::Base
 include Pagy::Backend
- #before_action :authenticate_user!
+ before_action :force_terms_acceptance
 impersonates :user
 def authorize_admin!
@@ -15,4 +15,19 @@ def authorize_admin!
 redirect_to root_path
 end
 end
+
+ def authorize_user!
+ if !user_signed_in?
+ flash[:error] = t('you need to log in')
+ redirect_to root_path
+ end
+ end
+
+ def force_terms_acceptance
+ if user_signed_in? && current_user == true_user
+ if !current_user.admin? && !current_user.terms_accepted_at
+ redirect_to terms_acceptance_path
+ end
+ end
+ end
 end
diff --git a/app/controllers/terms_acceptances_controller.rb b/app/controllers/terms_acceptances_controller.rb
new file mode 100644
index 0000000..fdd1f80
--- /dev/null
+++ b/app/controllers/terms_acceptances_controller.rb
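Review bot: Registering `before_action :force_terms_acceptance` on ApplicationController (first application_controller.rb hunk) makes the redirect run in every inheriting controller, which presumably includes the Devise sessions and registrations controllers; `user_signed_in?` and `new_user_session_path` suggest Devise is in use. A signed-in user who has not accepted would then be bounced to the terms page when trying to sign out or delete the account, although the system test title in this patch expects "agree or delete account" to remain possible. Consider `before_action :force_terms_acceptance, unless: :devise_controller?`, or an explicit `skip_before_action :force_terms_acceptance` in the controllers that must stay reachable. The class body continues outside the hunk.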
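Review bot: `authorize_user!` and `force_terms_acceptance` are added as public methods in the second application_controller.rb hunk, so every inheriting controller carries them as potential actions should a route ever map to those names; placing them below a `private` line keeps them usable as filters only, which is what the override in TermsAcceptancesController already does. Because access to the whole application for non-admins now hinges on this one filter, it also deserves a comment that states the exemptions, for example `# Admins and impersonated sessions (current_user != true_user) are exempt; everyone else needs terms_accepted_at set.` The filter answers every request format with an HTML redirect, which may not suit non-HTML endpoints if the application has any. The enclosing class starts outside the hunk.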
@@ -0,0 +1,33 @@
+# SPDX-FileCopyrightText: 2020 Felix Wolfsteller
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+class TermsAcceptancesController < ApplicationController
+ before_action :authorize_user!
+ before_action :force_terms_acceptance
+
+ def show
+ if !current_user.terms_accepted_at.present?
+ flash[:warning] = t('.have_to_agree')
+ end
+ end
+
+ def create
+ if params[:accept_terms] && params[:read_privacy_terms]
+ flash[:message] = t('.welcome')
+ current_user.update(terms_accepted_at: DateTime.current)
+ redirect_to root_path
+ else
+ flash[:warning] = t('terms_acceptances.show.have_to_agree')
+ render :show
+ end
+ end
+
+ private
+
+ def force_terms_acceptance
+ # no show (overriding ApplicationController#force_terms_acceptance,
+ # otherwise redirect loop)
+ end
+end
+
diff --git a/app/views/terms_acceptances/show.html.haml b/app/views/terms_acceptances/show.html.haml
new file mode 100644
index 0000000..6d2d399
--- /dev/null
+++ b/app/views/terms_acceptances/show.html.haml
@@ -0,0 +1,26 @@
+-# SPDX-FileCopyrightText: 2020 Felix Wolfsteller
+-#
+-# SPDX-License-Identifier: AGPL-3.0-or-later
+
+%h1.title
+ = t('privacy_statement')
+.container.mb-5
+ .content.is-medium.has-text-justified
+ != SiteSetting['privacy_statement']
+
+%h1.title
+ = t('terms')
+.container.mb-5
+ .content.is-medium.has-text-justified
+ != SiteSetting['terms']
+
+= form_with url: terms_acceptance_path, builder: BulmaFormBuilder::FormBuilder do |f|
+ .field
+ = label_tag :accept_terms, t('activerecord.attributes.user.tos_agreement')
+ = f.check_box :accept_terms
+ .field
+ = label_tag :read_privacy_terms, t('activerecord.attributes.user.read_privacy_terms')
+ = f.check_box :read_privacy_terms
+ .actions
+ = f.submit t('Save'), class: 'button is-primary'
+
diff --git a/config/locales/de.yml b/config/locales/de.yml
index ea06a58..43423d7 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
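Review bot: The consent check in `TermsAcceptancesController#create`, `params[:accept_terms] && params[:read_privacy_terms]`, only tests that the parameters are present, not that the boxes were ticked. Rails' `check_box` helper by default also submits a hidden field with the value `"0"` for an unticked box, and `"0"` is truthy in Ruby, so unless BulmaFormBuilder changes that default, a submission with both boxes empty still records `terms_accepted_at`. Compare against the checked value instead: `if params[:accept_terms] == '1' && params[:read_privacy_terms] == '1'`. The return value of `current_user.update` is ignored as well, so the welcome flash is set even when the save fails. A `skip_before_action :force_terms_acceptance` would state the intent more directly than re-registering the filter and overriding it with an empty method.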
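Review bot: `!= SiteSetting['privacy_statement']` and `!= SiteSetting['terms']` in show.html.haml print the stored settings without HTML escaping, so whatever markup is saved there runs in the browser of every user who is redirected to this page. SiteSetting is not visible in this patch; if its values are edited through the admin interface, the page is exposed to stored XSS from any compromised or careless admin account. Rendering through Rails' `sanitize` helper, e.g. `= sanitize(SiteSetting['terms'])`, keeps formatting tags while dropping scripts and event handlers. If the raw output is deliberate, a comment above each `!=` naming where the HTML is sanitised would make that reviewable.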
@@ -464,6 +464,11 @@ de:
 your-are-subscriped: Du hast ein Abonnement
 your-subscription-ended: Dein Abonnement ist abgelaufen
 your-trial-ended: Deine Schnupperwoche ist abgelaufen
+ terms_acceptances:
+ create:
+ welcome: Super! Willkommen und viel Spaß!
+ show:
+ have_to_agree: Du musst den AGB zustimmen und die Datenschutzerklärung als gelesen markieren.
 the_website: yogamitveronique.de
 till: bis
 time:
diff --git a/config/routes.rb b/config/routes.rb
index 22d3a6f..8e6cb6a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -31,6 +31,8 @@
 resources :styles, only: [:index, :show]
+ resource :terms_acceptance, only: [:show, :create]
+
 namespace :admin do
 resources :appointments
diff --git a/test/system/tos_test.rb b/test/system/tos_test.rb
index 1da1a62..8663213 100644
--- a/test/system/tos_test.rb
+++ b/test/system/tos_test.rb
@@ -60,11 +60,26 @@ class TosTest < ApplicationSystemTestCase
 end
 test "when logging in and no consent was given, user is forced to agree or delete account" do
- skip "tbi"
+ visit new_user_session_path
+
+ user = users(:user_without_tos_acceptance)
+
+ fill_in "E-Mail", with: user.email
+ fill_in "Passwort", with: 'userpwd'
+
+ click_on "Anmelden"
+
+ assert_selector '.notification', text: /Du musst/
+ assert_selector 'button', text: 'gelesen'
+ assert_selector 'button', text: 'löschen'
 end
 test "admins can update date of tos changes and user has to re-agree or delete account" do
 skip "tbi"
 end
+
+ test "admins do not need to accept the terms" do
+ skip "tbi"
+ end
 end
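Review bot: The new system test in tos_test.rb asserts buttons with the text 'gelesen' and 'löschen', but the view added in this patch renders two check boxes and a single submit labelled `t('Save')`, with no account-deletion control, so these assertions look unlikely to pass unless the layout supplies such buttons. The enforcement paths themselves are not exercised: no case submits the form with both boxes unticked and checks that the user is still sent back to the terms page, and the admin exemption is left as `skip "tbi"`. A negative case of that kind would pin the consent check in `TermsAcceptancesController#create`, which is the part of this change that decides whether acceptance is recorded. The test class starts outside the hunk.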