conditions << @tag
end
+ conditions[0] += " AND gpx_files.visible = 1"
+
@trace_pages, @traces = paginate(:traces,
:include => [:user, :tags],
:conditions => conditions,
def view
@trace = Trace.find(params[:id])
@title = "Viewing trace #{@trace.name}"
- unless @trace.public
- if @user
- render :nothing, :status => :forbidden if @trace.user.id != @user.id
- end
+ if !@trace.visible?
+ render :nothing => true, :status => :not_found
+ elsif !@trace.public? and @trace.user.id != @user.id
+ render :nothing => true, :status => :forbidden
end
rescue ActiveRecord::RecordNotFound
render :nothing => true, :status => :not_found
def data
trace = Trace.find(params[:id])
- if trace and (trace.public? or (@user and @user == trace.user))
+
+ if trace.visible? and (trace.public? or (@user and @user == trace.user))
send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment')
else
render :nothing, :status => :not_found
end
+ rescue ActiveRecord::RecordNotFound
+ render :nothing => true, :status => :not_found
+ end
+
+ def delete
+ trace = Trace.find(params[:id])
+
+ if @user and trace.user == @user
+ if request.post? and trace.visible?
+ trace.visible = false
+ trace.save
+ flash[:notice] = 'Track scheduled for deletion'
+ redirect_to :controller => 'traces', :action => 'mine'
+ else
+ render :nothing, :status => :bad_request
+ end
+ else
+ render :nothing, :status => :forbidden
+ end
+ rescue ActiveRecord::RecordNotFound
+ render :nothing => true, :status => :not_found
end
def make_public
trace = Trace.find(params[:id])
- if @user and trace.user == @user and !trace.public
- trace.public = true
- trace.save
- flash[:notice] = 'Track made public'
- redirect_to :controller => 'trace', :action => 'view', :id => params[:id]
+
+ if @user and trace.user == @user
+ if request.post? and !trace.public?
+ trace.public = true
+ trace.save
+ flash[:notice] = 'Track made public'
+ redirect_to :controller => 'trace', :action => 'view', :id => params[:id]
+ else
+ render :nothing, :status => :bad_request
+ end
+ else
+ render :nothing, :status => :forbidden
end
+ rescue ActiveRecord::RecordNotFound
+ render :nothing => true, :status => :not_found
end
def georss
def picture
trace = Trace.find(params[:id])
- if trace.public? or (@user and @user == trace.user)
- send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline')
+ if trace.inserted?
+ if trace.public? or (@user and @user == trace.user)
+ send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline')
+ else
+ render :nothing, :status => :forbidden
+ end
else
- render :nothing, :status => :forbidden
+ render :nothing => true, :status => :not_found
end
rescue ActiveRecord::RecordNotFound
render :nothing => true, :status => :not_found
def icon
trace = Trace.find(params[:id])
- if trace.public? or (@user and @user == trace.user)
- send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline')
+ if trace.inserted?
+ if trace.public? or (@user and @user == trace.user)
+ send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline')
+ else
+ render :nothing, :status => :forbidden
+ end
else
- render :nothing, :status => :forbidden
+ render :nothing => true, :status => :not_found
end
rescue ActiveRecord::RecordNotFound
render :nothing => true, :status => :not_found
name = params[:file].original_filename.gsub(/[^a-zA-Z0-9.]/, '_') # This makes sure filenames are sane
do_create(name, params[:tags], params[:description], params[:public]) do |f|
- f.write(request[:file].read)
+ f.write(params[:file].read)
end
if @trace.id