X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/40b452ac7431387979fa2c2cdd2565bae5993f29..8a70e1c082b985c2ff1802d6ebff60783a6fc2b6:/app/controllers/trace_controller.rb diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 32369da21..9c4a9d8bd 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -122,8 +122,8 @@ class TraceController < ApplicationController logger.info("id is #{@trace.id}") flash[:notice] = t 'trace.create.trace_uploaded' - if @user.traces.count(:conditions => { :inserted => false }) > 4 - flash[:warning] = t 'trace.trace_header.traces_waiting', :count => @user.traces.count(:conditions => { :inserted => false }) + if @user.traces.where(:inserted => false).count > 4 + flash[:warning] = t 'trace.trace_header.traces_waiting', :count => @user.traces.where(:inserted => false).count end redirect_to :action => :list, :display_name => @user.display_name @@ -139,7 +139,7 @@ class TraceController < ApplicationController @trace.errors.add(:gpx_file, "can't be blank") end else - @trace = Trace.new({:visibility => default_visibility}, :without_protection => true) + @trace = Trace.new(:visibility => default_visibility) end @title = t 'trace.create.upload_trace' @@ -151,8 +151,10 @@ class TraceController < ApplicationController if trace.visible? and (trace.public? or (@user and @user == trace.user)) if Acl.no_trace_download(request.remote_ip) render :text => "", :status => :forbidden - elsif request.format == Mime::XML or request.format == Mime::GPX + elsif request.format == Mime::XML send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => 'attachment') + elsif request.format == Mime::GPX + send_file(trace.xml_file, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => 'attachment') else send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') end @@ -166,8 +168,13 @@ class TraceController < ApplicationController def edit @trace = Trace.find(params[:id]) - if @user and @trace.user == @user + if not @trace.visible? + render :text => "", :status => :not_found + elsif @user.nil? or @trace.user != @user + render :text => "", :status => :forbidden + else @title = t 'trace.edit.title', :name => @trace.name + if params[:trace] @trace.description = params[:trace][:description] @trace.tagstring = params[:trace][:tagstring] @@ -176,8 +183,6 @@ class TraceController < ApplicationController redirect_to :action => 'view', :display_name => @user.display_name end end - else - render :text => "", :status => :forbidden end rescue ActiveRecord::RecordNotFound render :text => "", :status => :not_found @@ -186,17 +191,15 @@ class TraceController < ApplicationController def delete trace = Trace.find(params[:id]) - if @user and trace.user == @user - if trace.visible? - trace.visible = false - trace.save - flash[:notice] = t 'trace.delete.scheduled_for_deletion' - redirect_to :action => :list, :display_name => @user.display_name - else - render :text => "", :status => :not_found - end - else + if not trace.visible? + render :text => "", :status => :not_found + elsif @user.nil? or trace.user != @user render :text => "", :status => :forbidden + else + trace.visible = false + trace.save + flash[:notice] = t 'trace.delete.scheduled_for_deletion' + redirect_to :action => :list, :display_name => @user.display_name end rescue ActiveRecord::RecordNotFound render :text => "", :status => :not_found @@ -352,7 +355,7 @@ private # Create the trace object, falsely marked as already # inserted to stop the import daemon trying to load it - @trace = Trace.new({ + @trace = Trace.new( :name => name, :tagstring => tags, :description => description, @@ -360,7 +363,7 @@ private :inserted => true, :user => @user, :timestamp => Time.now.getutc - }, :without_protection => true) + ) Trace.transaction do begin