+
+ def api_details
+ trace = Trace.find(params[:id])
+
+ if trace.public? or trace.user == @user
+ render :text => trace.to_xml.to_s, :content_type => "text/xml"
+ else
+ render :nothing => true, :status => :forbidden
+ end
+ rescue ActiveRecord::RecordNotFound
+ render :nothing => true, :status => :not_found
+ end
+
+ def api_data
+ trace = Trace.find(params[:id])
+
+ if trace.public? or trace.user == @user
+ send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment')
+ else
+ render :nothing => true, :status => :forbidden
+ end
+ rescue ActiveRecord::RecordNotFound
+ render :nothing => true, :status => :not_found
+ end
+
+ def api_create
+ if request.post?
+ name = params[:file].original_filename.gsub(/[^a-zA-Z0-9.]/, '_') # This makes sure filenames are sane
+
+ do_create(name, params[:tags], params[:description], params[:public]) do |f|
+ f.write(params[:file].read)
+ end
+
+ if @trace.id
+ render :text => @trace.id.to_s, :content_type => "text/plain"
+ elsif @trace.valid?
+ render :nothing => true, :status => :internal_server_error
+ else
+ render :nothing => true, :status => :bad_request
+ end
+ else
+ render :nothing => true, :status => :method_not_allowed
+ end
+ end
+
+private
+
+ def do_create(name, tags, description, public)
+ filename = "/tmp/#{rand}"
+
+ File.open(filename, "w") { |f| yield f }
+
+ @trace = Trace.new({:name => name, :tagstring => tags,
+ :description => description, :public => public})
+ @trace.inserted = false
+ @trace.user = @user
+ @trace.timestamp = Time.now
+
+ if @trace.save
+ File.rename(filename, @trace.trace_name)
+ else
+ FileUtils.rm_f(filename)
+ end
+ end
+