before_filter :authorize_web
before_filter :require_user, :only => [:new, :edit]
- before_filter :check_database_availability
+ before_filter :check_database_readable
+ before_filter :check_database_writable, :only => [:new, :edit]
def new
@title = 'New diary entry'
def list
if params[:display_name]
- @this_user = User.find_by_display_name(params[:display_name])
+ @this_user = User.find_by_display_name(params[:display_name], :conditions => "visible = 1")
+
if @this_user
@title = @this_user.display_name + "'s diary"
@entry_pages, @entries = paginate(:diary_entries,
end
else
@title = "Users' diaries"
- @entry_pages, @entries = paginate(:diary_entries,
+ @entry_pages, @entries = paginate(:diary_entries, :include => :user,
+ :conditions => "users.visible = 1",
:order => 'created_at DESC',
:per_page => 20)
end
def rss
if params[:display_name]
- user = User.find_by_display_name(params[:display_name])
+ user = User.find_by_display_name(params[:display_name], :conditions => "visible = 1")
if user
@entries = DiaryEntry.find(:all, :conditions => ['user_id = ?', user.id], :order => 'created_at DESC', :limit => 20)
render :nothing => true, :status => :not_found
end
else
- @entries = DiaryEntry.find(:all, :order => 'created_at DESC', :limit => 20)
+ @entries = DiaryEntry.find(:all, :include => :user,
+ :conditions => "users.visible = 1",
+ :order => 'created_at DESC', :limit => 20)
@title = "OpenStreetMap diary entries"
@description = "Recent diary entries from users of OpenStreetMap"
@link = "http://www.openstreetmap.org/diary"
end
def view
- user = User.find_by_display_name(params[:display_name])
+ user = User.find_by_display_name(params[:display_name], :conditions => "visible = 1")
if user
@entry = DiaryEntry.find(:first, :conditions => ['user_id = ? AND id = ?', user.id, params[:id]])