2 class TracesController < ApiController
3 before_action :authorize_web
4 before_action :set_locale
5 before_action :authorize
9 before_action :check_database_readable, :except => [:show, :data]
10 before_action :check_database_writable, :only => [:create, :update, :destroy]
11 before_action :check_api_readable, :only => [:show, :data]
12 before_action :check_api_writable, :only => [:create, :update, :destroy]
13 before_action :offline_error, :only => [:create, :destroy, :data]
14 around_action :api_call_handle_error
17 @trace = Trace.visible.find(params[:id])
19 head :forbidden unless @trace.public? || @trace.user == current_user
23 trace = Trace.visible.find(params[:id])
25 if trace.user == current_user
26 trace.update_from_xml(request.raw_post)
36 trace = Trace.visible.find(params[:id])
38 if trace.user == current_user
41 TraceDestroyerJob.perform_later(trace)
50 trace = Trace.visible.find(params[:id])
52 if trace.public? || trace.user == current_user
53 if request.format == Mime[:xml]
54 send_data(trace.xml_file.read, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
55 elsif request.format == Mime[:gpx]
56 send_data(trace.xml_file.read, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
58 send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => "attachment")
66 tags = params[:tags] || ""
67 description = params[:description] || ""
68 visibility = params[:visibility]
71 visibility = if params[:public]&.to_i&.nonzero?
78 if params[:file].respond_to?(:read)
79 trace = do_create(params[:file], tags, description, visibility)
82 TraceImporterJob.perform_later(trace)
83 render :plain => trace.id.to_s
85 head :internal_server_error
96 def do_create(file, tags, description, visibility)
97 # Sanitise the user's filename
98 name = file.original_filename.gsub(/[^a-zA-Z0-9.]/, "_")
100 # Get a temporary filename...
101 filename = "/tmp/#{rand}"
103 # ...and save the uploaded file to that location
104 File.binwrite(filename, file.read)
106 # Create the trace object, falsely marked as already
107 # inserted to stop the import daemon trying to load it
111 :description => description,
112 :visibility => visibility,
114 :user => current_user,
115 :timestamp => Time.now.getutc
121 # Save the trace object
124 # Rename the temporary file to the final name
125 FileUtils.mv(filename, trace.trace_name)
127 # Remove the file as we have failed to update the database
128 FileUtils.rm_f(filename)
130 # Pass the exception on
135 # Clear the inserted flag to make the import daemon load the trace
136 trace.inserted = false
139 # Remove the file as we have failed to update the database
140 FileUtils.rm_f(trace.trace_name)
142 # Pass the exception on
148 # Finally save the user's preferred privacy level
149 if pref = current_user.preferences.where(:k => "gps.trace.visibility").first
153 current_user.preferences.create(:k => "gps.trace.visibility", :v => visibility)
160 report_error "GPX files offline for maintenance", :service_unavailable if Settings.status == "gpx_offline"