X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/1522ed275c3efceb9629438e0272f2f2d4adf5ba..df8cd4a7b2c364864aad0e4d9f56c1a4f4f0e990:/app/controllers/trace_controller.rb?ds=inline
diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb
index 6528dffde..dc7456c45 100644
--- a/app/controllers/trace_controller.rb
+++ b/app/controllers/trace_controller.rb
@@ -4,8 +4,10 @@ class TraceController < ApplicationController
 before_filter :authorize_web
 before_filter :require_user, :only => [:mine, :create, :edit, :delete, :make_public]
 before_filter :authorize, :only => [:api_details, :api_data, :api_create]
- before_filter :check_database_availability, :except => [:api_details, :api_data, :api_create]
- before_filter :check_read_availability, :only => [:api_details, :api_data, :api_create]
+ before_filter :check_database_readable, :except => [:api_details, :api_data, :api_create]
+ before_filter :check_database_writable, :only => [:create, :edit, :delete, :make_public]
+ before_filter :check_api_readable, :only => [:api_details, :api_data]
+ before_filter :check_api_writable, :only => [:api_create]
 
 # Counts and selects pages of GPX traces for various criteria (by user, tags, public etc.).
 # target_user - if set, specifies the user to fetch traces for. if not set will fetch all traces
@@ -14,6 +16,11 @@ class TraceController < ApplicationController
 display_name = params[:display_name]
 if target_user.nil? and !display_name.blank?
 target_user = User.find(:first, :conditions => [ "visible = ? and display_name = ?", true, display_name])
+ if target_user.nil?
+ @not_found_user = display_name
+ render :action => 'no_such_user', :status => :not_found
+ return
+ end
 end
 
 # set title
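Review bot: In the `@@ -4,8 +4,10 @@` hunk, `check_database_writable` is attached with a hand-maintained `:only` list, so a mutating action added to this controller later will run without the write-availability check unless the list is extended. Expressing it as an `:except` list of the read-only actions would make the check fail closed; those action names are outside this hunk, so they would need to be confirmed against the rest of the class. At minimum a comment above the filter, `# every action that writes to the database must be listed here`, would record the invariant.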
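Review bot: In the `@@ -14,6 +16,11 @@` hunk, `@not_found_user` is assigned the raw `params[:display_name]` and handed to the `no_such_user` template, which is not part of this diff. The controller's idioms (`before_filter`, `User.find(:first, :conditions => ...)`) suggest a Rails version where ERB does not escape output by default; if so, the template has to print the value as `<%= h(@not_found_user) %>` so that markup in the URL is not reflected into the 404 page. A comment above the assignment, `# display_name is untrusted request input; the view must escape it`, would make that dependency visible. The enclosing action starts and ends outside the hunk.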
@@ -117,7 +124,7 @@ class TraceController < ApplicationController :description => params[:trace][:description], :public => params[:trace][:public], :inserted => false, :user => @user, - :timestamp => Time.now}) + :timestamp => Time.now.getutc}) @trace.valid? @trace.errors.add(:gpx_file, "can't be blank") end @@ -304,20 +311,37 @@ class TraceController < ApplicationController private def do_create(file, tags, description, public) + # Sanitise the user's filename name = file.original_filename.gsub(/[^a-zA-Z0-9.]/, '_') + + # Get a temporary filename... filename = "/tmp/#{rand}" + # ...and save the uploaded file to that location File.open(filename, "w") { |f| f.write(file.read) } - @trace = Trace.new({:name => name, :tagstring => tags, - :description => description, :public => public}) - @trace.inserted = false - @trace.user = @user - @trace.timestamp = Time.now - + # Create the trace object, falsely marked as already + # inserted to stop the import daemon trying to load it + @trace = Trace.new({ + :name => name, + :tagstring => tags, + :description => description, + :public => public, + :inserted => true, + :user => @user, + :timestamp => Time.now.getutc + }) + + # Save the trace object if @trace.save + # Rename the temporary file to the final name FileUtils.mv(filename, @trace.trace_name) + + # Clear the inserted flag to make the import daemon load the trace + @trace.inserted = false + @trace.save! else + # Remove the file as we have failed to update the database FileUtils.rm_f(filename) end
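Review bot: In the `@@ -304,20 +311,37 @@` hunk, the upload is still written to `"/tmp/#{rand}"` with `File.open(filename, "w")`. That call follows and truncates anything already present at that path in the shared `/tmp`, and the name comes from `rand` rather than a secure generator. The commit documents these two lines but leaves them unchanged. Creating the file exclusively and owner-only closes the gap: `File.open(filename, File::WRONLY | File::CREAT | File::EXCL, 0600) { |f| f.write(file.read) }`, or use `Tempfile`. Separately, if `FileUtils.mv` or the second `@trace.save!` raises, the row stays saved with `:inserted => true` and nothing removes the file, so a `rescue` around those lines that removes the file and the row before re-raising would cover that path. The end of `do_create` is outside the hunk.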