@params = params.permit(:display_name, :tag, :before, :after)
- @traces, @newer_traces_id, @older_traces_id = get_page_items(traces, [:user, :tags])
+ @traces, @newer_traces_id, @older_traces_id = get_page_items(traces, :includes => [:user, :tags])
# final helper vars for view
@target_user = target_user
end
def show
- @trace = Trace.find(params[:id])
+ @trace = Trace.visible.find(params[:id])
- if @trace&.visible? &&
- (@trace&.public? || @trace&.user == current_user)
+ if @trace.public? || @trace.user == current_user
@title = t ".title", :name => @trace.name
else
flash[:error] = t ".trace_not_found"
end
def edit
- @trace = Trace.find(params[:id])
+ @trace = Trace.visible.find(params[:id])
- if !@trace.visible?
- head :not_found
- elsif current_user.nil? || @trace.user != current_user
+ if current_user.nil? || @trace.user != current_user
head :forbidden
else
@title = t ".title", :name => @trace.name
end
def update
- @trace = Trace.find(params[:id])
+ @trace = Trace.visible.find(params[:id])
- if !@trace.visible?
- head :not_found
- elsif current_user.nil? || @trace.user != current_user
+ if current_user.nil? || @trace.user != current_user
head :forbidden
elsif @trace.update(trace_params)
flash[:notice] = t ".updated"
end
def destroy
- trace = Trace.find(params[:id])
+ trace = Trace.visible.find(params[:id])
- if !trace.visible?
- head :not_found
- elsif current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
+ if current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
head :forbidden
else
trace.visible = false
end
def data
- trace = Trace.find(params[:id])
+ trace = Trace.visible.find(params[:id])
- if trace.visible? && (trace.public? || (current_user && current_user == trace.user))
+ if trace.public? || (current_user && current_user == trace.user)
if Acl.no_trace_download(request.remote_ip)
head :forbidden
elsif request.format == Mime[:xml]
@traces = @traces.includes(:user)
end
- def picture
- trace = Trace.find(params[:id])
-
- if trace.visible? && trace.inserted?
- if trace.public? || (current_user && current_user == trace.user)
- if trace.icon.attached?
- redirect_to rails_blob_path(trace.image, :disposition => "inline")
- else
- expires_in 7.days, :private => !trace.public?, :public => trace.public?
- send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => "image/gif", :disposition => "inline")
- end
- else
- head :forbidden
- end
- else
- head :not_found
- end
- rescue ActiveRecord::RecordNotFound
- head :not_found
- end
-
- def icon
- trace = Trace.find(params[:id])
-
- if trace.visible? && trace.inserted?
- if trace.public? || (current_user && current_user == trace.user)
- if trace.icon.attached?
- redirect_to rails_blob_path(trace.icon, :disposition => "inline")
- else
- expires_in 7.days, :private => !trace.public?, :public => trace.public?
- send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => "image/gif", :disposition => "inline")
- end
- else
- head :forbidden
- end
- else
- head :not_found
- end
- rescue ActiveRecord::RecordNotFound
- head :not_found
- end
-
private
def do_create(file, tags, description, visibility)