if @trace.id
flash[:notice] = t "trace.create.trace_uploaded"
- if current_user.traces.where(:inserted => false).count > 4
- flash[:warning] = t "trace.trace_header.traces_waiting", :count => current_user.traces.where(:inserted => false).count
- end
+ flash[:warning] = t "trace.trace_header.traces_waiting", :count => current_user.traces.where(:inserted => false).count if current_user.traces.where(:inserted => false).count > 4
redirect_to :action => :list, :display_name => current_user.display_name
end
if Acl.no_trace_download(request.remote_ip)
head :forbidden
elsif request.format == Mime[:xml]
- send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
+ send_data(trace.xml_file.read, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
elsif request.format == Mime[:gpx]
- send_file(trace.xml_file, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
+ send_data(trace.xml_file.read, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
else
send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => "attachment")
end
@trace.description = params[:trace][:description]
@trace.tagstring = params[:trace][:tagstring]
@trace.visibility = params[:trace][:visibility]
- if @trace.save
- redirect_to :action => "view", :display_name => current_user.display_name
- end
+ redirect_to :action => "view", :display_name => current_user.display_name if @trace.save
end
end
rescue ActiveRecord::RecordNotFound
if !trace.visible?
head :not_found
- elsif current_user.nil? || trace.user != current_user
+ elsif current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
head :forbidden
else
trace.visible = false
trace.save
flash[:notice] = t "trace.delete.scheduled_for_deletion"
- redirect_to :action => :list, :display_name => current_user.display_name
+ redirect_to :action => :list, :display_name => trace.user.display_name
end
rescue ActiveRecord::RecordNotFound
head :not_found
def georss
@traces = Trace.visible_to_all.visible
- if params[:display_name]
- @traces = @traces.joins(:user).where(:users => { :display_name => params[:display_name] })
- end
+ @traces = @traces.joins(:user).where(:users => { :display_name => params[:display_name] }) if params[:display_name]
@traces = @traces.tagged(params[:tag]) if params[:tag]
@traces = @traces.order("timestamp DESC")
if trace.public? || trace.user == current_user
if request.format == Mime[:xml]
- send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
+ send_data(trace.xml_file.read, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
elsif request.format == Mime[:gpx]
- send_file(trace.xml_file, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
+ send_data(trace.xml_file.read, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
else
send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => "attachment")
end