X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/3d0f2130dab94f33b0e73d9304c2fdc527fff106..023b9e3662a590b2b8ecb685d4e4eafb8a327964:/app/controllers/trace_controller.rb?ds=sidebyside diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 3bb0d3323..0c4fc9e58 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -1,7 +1,11 @@ class TraceController < ApplicationController + layout 'site' + before_filter :authorize_web + before_filter :require_user, :only => [:mine, :edit, :delete, :make_public] before_filter :authorize, :only => [:api_details, :api_data, :api_create] - layout 'site' + before_filter :check_database_availability, :except => [:api_details, :api_data, :api_create] + before_filter :check_read_availability, :only => [:api_details, :api_data, :api_create] # Counts and selects pages of GPX traces for various criteria (by user, tags, public etc.). # target_user - if set, specifies the user to fetch traces for. if not set will fetch all traces @@ -9,13 +13,13 @@ class TraceController < ApplicationController # from display name, pick up user id if one user's traces only display_name = params[:display_name] if target_user.nil? and !display_name.blank? - target_user = User.find(:first, :conditions => [ "display_name = ?", display_name]) + target_user = User.find(:first, :conditions => [ "visible = 1 and display_name = ?", display_name]) end # set title if target_user.nil? @title = "Public GPS traces" - elsif @user and @user.id == target_user.id + elsif @user and @user == target_user @title = "Your GPS traces" else @title = "Public GPS traces from #{target_user.display_name}" @@ -35,7 +39,7 @@ class TraceController < ApplicationController conditions = ["gpx_files.public = 1"] #2 end else - if @user and @user.id == target_user.id + if @user and @user == target_user conditions = ["gpx_files.user_id = ?", @user.id] #3 (check vs user id, so no join + can't pick up non-public traces by changing name) else conditions = ["gpx_files.public = 1 AND gpx_files.user_id = ?", target_user.id] #4 @@ -44,8 +48,9 @@ class TraceController < ApplicationController if params[:tag] @tag = params[:tag] - conditions[0] += " AND EXISTS (SELECT * FROM gpx_file_tags AS gft WHERE gft.gpx_id = gpx_files.id AND gft.tag = ?)" - conditions << @tag + + files = Tracetag.find_all_by_tag(params[:tag]).collect { |tt| tt.gpx_id } + conditions[0] += " AND gpx_files.id IN (#{files.join(',')})" end conditions[0] += " AND gpx_files.visible = 1" @@ -74,30 +79,21 @@ class TraceController < ApplicationController end def mine - if @user - list(@user, "mine") unless @user.nil? - else - redirect_to :controller => 'user', :action => 'login', :referer => request.request_uri - end + list(@user, "mine") end def view @trace = Trace.find(params[:id]) - unless @trace - flash[:notice] = "OH NOES! Trace not found!" + if @trace and @trace.visible? and + (@trace.public? or @trace.user == @user) + @title = "Viewing trace #{@trace.name}" + else + flash[:notice] = "Trace not found!" redirect_to :controller => 'trace', :action => 'list' - return - end - - @title = "Viewing trace #{@trace.name}" - if !@trace.visible? - render :nothing => true, :status => :not_found - elsif !@trace.public? and @trace.user.id != @user.id - render :nothing => true, :status => :forbidden end rescue ActiveRecord::RecordNotFound - flash[:notice] = "GPX file not found" + flash[:notice] = "Trace not found!" redirect_to :controller => 'trace', :action => 'list' end @@ -115,11 +111,11 @@ class TraceController < ApplicationController end else @trace = Trace.new({:name => "Dummy", - :tagstring => params[:trace][:tagstring], - :description => params[:trace][:description], - :public => params[:trace][:public], - :inserted => false, :user => @user, - :timestamp => Time.now}) + :tagstring => params[:trace][:tagstring], + :description => params[:trace][:description], + :public => params[:trace][:public], + :inserted => false, :user => @user, + :timestamp => Time.now}) @trace.valid? @trace.errors.add(:gpx_file, "can't be blank") end @@ -135,7 +131,7 @@ class TraceController < ApplicationController send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') end else - render :nothing, :status => :not_found + render :nothing => true, :status => :not_found end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found @@ -153,7 +149,7 @@ class TraceController < ApplicationController end end else - render :nothing, :status => :forbidden + render :nothing => true, :status => :forbidden end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found @@ -169,10 +165,10 @@ class TraceController < ApplicationController flash[:notice] = 'Track scheduled for deletion' redirect_to :controller => 'traces', :action => 'mine' else - render :nothing, :status => :bad_request + render :nothing => true, :status => :bad_request end else - render :nothing, :status => :forbidden + render :nothing => true, :status => :forbidden end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found @@ -188,10 +184,10 @@ class TraceController < ApplicationController flash[:notice] = 'Track made public' redirect_to :controller => 'trace', :action => 'view', :id => params[:id] else - render :nothing, :status => :bad_request + render :nothing => true, :status => :bad_request end else - render :nothing, :status => :forbidden + render :nothing => true, :status => :forbidden end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found @@ -229,7 +225,7 @@ class TraceController < ApplicationController if trace.public? or (@user and @user == trace.user) send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline') else - render :nothing, :status => :forbidden + render :nothing => true, :status => :forbidden end else render :nothing => true, :status => :not_found @@ -245,7 +241,7 @@ class TraceController < ApplicationController if trace.public? or (@user and @user == trace.user) send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline') else - render :nothing, :status => :forbidden + render :nothing => true, :status => :forbidden end else render :nothing => true, :status => :not_found @@ -294,23 +290,40 @@ class TraceController < ApplicationController end end - private +private def do_create(file, tags, description, public) + # Sanitise the user's filename name = file.original_filename.gsub(/[^a-zA-Z0-9.]/, '_') + + # Get a temporary filename... filename = "/tmp/#{rand}" + # ...and save the uploaded file to that location File.open(filename, "w") { |f| f.write(file.read) } - @trace = Trace.new({:name => name, :tagstring => tags, - :description => description, :public => public}) - @trace.inserted = false - @trace.user = @user - @trace.timestamp = Time.now - + # Create the trace object, falsely marked as already + # inserted to stop the import daemon trying to load it + @trace = Trace.new({ + :name => name, + :tagstring => tags, + :description => description, + :public => public, + :inserted => true, + :user => @user, + :timestamp => Time.now + }) + + # Save the trace object if @trace.save + # Rename the temporary file to the final name FileUtils.mv(filename, @trace.trace_name) + + # Clear the inserted flag to make the import daemon load the trace + @trace.inserted = false + @trace.save! else + # Remove the file as we have failed to update the database FileUtils.rm_f(filename) end end