]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/traces_controller.rb
Use "visible" scope when finding traces
[rails.git] / app / controllers / traces_controller.rb
index 42aea82999e4856d822d15a2ef4cac7feb894986..5bee44886716448fbcd715dc893c981341b5984b 100644 (file)
@@ -68,10 +68,9 @@ class TracesController < ApplicationController
   end
 
   def show
   end
 
   def show
-    @trace = Trace.find(params[:id])
+    @trace = Trace.visible.find(params[:id])
 
 
-    if @trace&.visible? &&
-       (@trace&.public? || @trace&.user == current_user)
+    if @trace.public? || @trace.user == current_user
       @title = t ".title", :name => @trace.name
     else
       flash[:error] = t ".trace_not_found"
       @title = t ".title", :name => @trace.name
     else
       flash[:error] = t ".trace_not_found"
@@ -88,11 +87,9 @@ class TracesController < ApplicationController
   end
 
   def edit
   end
 
   def edit
-    @trace = Trace.find(params[:id])
+    @trace = Trace.visible.find(params[:id])
 
 
-    if !@trace.visible?
-      head :not_found
-    elsif current_user.nil? || @trace.user != current_user
+    if current_user.nil? || @trace.user != current_user
       head :forbidden
     else
       @title = t ".title", :name => @trace.name
       head :forbidden
     else
       @title = t ".title", :name => @trace.name
@@ -136,11 +133,9 @@ class TracesController < ApplicationController
   end
 
   def update
   end
 
   def update
-    @trace = Trace.find(params[:id])
+    @trace = Trace.visible.find(params[:id])
 
 
-    if !@trace.visible?
-      head :not_found
-    elsif current_user.nil? || @trace.user != current_user
+    if current_user.nil? || @trace.user != current_user
       head :forbidden
     elsif @trace.update(trace_params)
       flash[:notice] = t ".updated"
       head :forbidden
     elsif @trace.update(trace_params)
       flash[:notice] = t ".updated"
@@ -154,11 +149,9 @@ class TracesController < ApplicationController
   end
 
   def destroy
   end
 
   def destroy
-    trace = Trace.find(params[:id])
+    trace = Trace.visible.find(params[:id])
 
 
-    if !trace.visible?
-      head :not_found
-    elsif current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
+    if current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
       head :forbidden
     else
       trace.visible = false
       head :forbidden
     else
       trace.visible = false
@@ -176,9 +169,9 @@ class TracesController < ApplicationController
   end
 
   def data
   end
 
   def data
-    trace = Trace.find(params[:id])
+    trace = Trace.visible.find(params[:id])
 
 
-    if trace.visible? && (trace.public? || (current_user && current_user == trace.user))
+    if trace.public? || (current_user && current_user == trace.user)
       if Acl.no_trace_download(request.remote_ip)
         head :forbidden
       elsif request.format == Mime[:xml]
       if Acl.no_trace_download(request.remote_ip)
         head :forbidden
       elsif request.format == Mime[:xml]
@@ -208,48 +201,6 @@ class TracesController < ApplicationController
     @traces = @traces.includes(:user)
   end
 
     @traces = @traces.includes(:user)
   end
 
-  def picture
-    trace = Trace.find(params[:id])
-
-    if trace.visible? && trace.inserted?
-      if trace.public? || (current_user && current_user == trace.user)
-        if trace.icon.attached?
-          redirect_to rails_blob_path(trace.image, :disposition => "inline")
-        else
-          expires_in 7.days, :private => !trace.public?, :public => trace.public?
-          send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => "image/gif", :disposition => "inline")
-        end
-      else
-        head :forbidden
-      end
-    else
-      head :not_found
-    end
-  rescue ActiveRecord::RecordNotFound
-    head :not_found
-  end
-
-  def icon
-    trace = Trace.find(params[:id])
-
-    if trace.visible? && trace.inserted?
-      if trace.public? || (current_user && current_user == trace.user)
-        if trace.icon.attached?
-          redirect_to rails_blob_path(trace.icon, :disposition => "inline")
-        else
-          expires_in 7.days, :private => !trace.public?, :public => trace.public?
-          send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => "image/gif", :disposition => "inline")
-        end
-      else
-        head :forbidden
-      end
-    else
-      head :not_found
-    end
-  rescue ActiveRecord::RecordNotFound
-    head :not_found
-  end
-
   private
 
   def do_create(file, tags, description, visibility)
   private
 
   def do_create(file, tags, description, visibility)