authorize_resource :trace
def show
- trace = Trace.find(params[:trace_id])
+ trace = Trace.visible.imported.find(params[:trace_id])
- if trace.visible? && trace.inserted?
- if trace.public? || (current_user && current_user == trace.user)
- if trace.icon.attached?
- redirect_to rails_blob_path(trace.image, :disposition => "inline")
- else
- expires_in 7.days, :private => !trace.public?, :public => trace.public?
- send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => "image/gif", :disposition => "inline")
- end
- else
- head :forbidden
- end
+ if trace.public? || (current_user && current_user == trace.user)
+ redirect_to rails_blob_path(trace.image, :disposition => "inline")
else
- head :not_found
+ head :forbidden
end
rescue ActiveRecord::RecordNotFound
head :not_found