X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/180a61bcc30a165899e0bbadb77d1114170a0fda..86fae8980d97ba7fdd9345eb5e372fd4f8f20b7f:/app/controllers/traces/pictures_controller.rb?ds=inline diff --git a/app/controllers/traces/pictures_controller.rb b/app/controllers/traces/pictures_controller.rb index aeac7df86..0b26ed884 100644 --- a/app/controllers/traces/pictures_controller.rb +++ b/app/controllers/traces/pictures_controller.rb @@ -6,21 +6,12 @@ module Traces authorize_resource :trace def show - trace = Trace.find(params[:trace_id]) + trace = Trace.visible.imported.find(params[:trace_id]) - if trace.visible? && trace.inserted? - if trace.public? || (current_user && current_user == trace.user) - if trace.icon.attached? - redirect_to rails_blob_path(trace.image, :disposition => "inline") - else - expires_in 7.days, :private => !trace.public?, :public => trace.public? - send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => "image/gif", :disposition => "inline") - end - else - head :forbidden - end + if trace.public? || (current_user && current_user == trace.user) + redirect_to rails_blob_path(trace.image, :disposition => "inline") else - head :not_found + head :forbidden end rescue ActiveRecord::RecordNotFound head :not_found