X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/960d13488a875245570ee498ee9a1ed7cac37bbe..797cbaab1ef4b842f3b57bb46c29dea61b4c7e3a:/app/controllers/trace_controller.rb diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 0467e66ba..d94280a6a 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -12,13 +12,13 @@ class TraceController < ApplicationController # from display name, pick up user id if one user's traces only display_name = params[:display_name] if target_user.nil? and !display_name.blank? - target_user = User.find(:first, :conditions => [ "display_name = ?", display_name]) + target_user = User.find(:first, :conditions => [ "visible = ? and display_name = ?", true, display_name]) end # set title if target_user.nil? @title = "Public GPS traces" - elsif @user and @user.id == target_user.id + elsif @user and @user == target_user @title = "Your GPS traces" else @title = "Public GPS traces from #{target_user.display_name}" @@ -33,15 +33,15 @@ class TraceController < ApplicationController # 4 - user's traces, not logged in as that user = all user's public traces if target_user.nil? # all traces if @user - conditions = ["(gpx_files.public = 1 OR gpx_files.user_id = ?)", @user.id] #1 + conditions = ["(gpx_files.public = ? OR gpx_files.user_id = ?)", true, @user.id] #1 else - conditions = ["gpx_files.public = 1"] #2 + conditions = ["gpx_files.public = ?", true] #2 end else - if @user and @user.id == target_user.id + if @user and @user == target_user conditions = ["gpx_files.user_id = ?", @user.id] #3 (check vs user id, so no join + can't pick up non-public traces by changing name) else - conditions = ["gpx_files.public = 1 AND gpx_files.user_id = ?", target_user.id] #4 + conditions = ["gpx_files.public = ? AND gpx_files.user_id = ?", true, target_user.id] #4 end end @@ -51,7 +51,8 @@ class TraceController < ApplicationController conditions << @tag end - conditions[0] += " AND gpx_files.visible = 1" + conditions[0] += " AND gpx_files.visible = ?" + conditions << true @trace_pages, @traces = paginate(:traces, :include => [:user, :tags], @@ -88,7 +89,7 @@ class TraceController < ApplicationController @trace = Trace.find(params[:id]) if @trace and @trace.visible? and - (@trace.public? or @trace.user.id == @user.id) + (@trace.public? or @trace.user == @user) @title = "Viewing trace #{@trace.name}" else flash[:notice] = "Trace not found!" @@ -196,7 +197,7 @@ class TraceController < ApplicationController end def georss - conditions = ["gpx_files.public = 1"] + conditions = ["gpx_files.public = ?", true] if params[:display_name] conditions[0] += " AND users.display_name = ?"