X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/9738e3f6482972ccf68b9b2e92ad498a31ccb6d8..3db4ac9a8e8dd94bc288e98ff353452e401d0a59:/app/controllers/trace_controller.rb?ds=sidebyside diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index d84059874..7c5bd7db0 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -48,6 +48,8 @@ class TraceController < ApplicationController conditions << @tag end + conditions[0] += " AND gpx_files.visible = 1" + @trace_pages, @traces = paginate(:traces, :include => [:user, :tags], :conditions => conditions, @@ -82,34 +84,43 @@ class TraceController < ApplicationController def view @trace = Trace.find(params[:id]) @title = "Viewing trace #{@trace.name}" - unless @trace.public - if @user - render :nothing, :status => :forbidden if @trace.user.id != @user.id - end + if !@trace.visible? + render :nothing => true, :status => :not_found + elsif !@trace.public? and @trace.user.id != @user.id + render :nothing => true, :status => :forbidden end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found end def create - name = params[:trace][:gpx_file].original_filename.gsub(/[^a-zA-Z0-9.]/, '_') # This makes sure filenames are sane + logger.info(params[:trace][:gpx_file].class.name) + if params[:trace][:gpx_file].respond_to?(:read) + do_create(params[:trace][:gpx_file], params[:trace][:tagstring], + params[:trace][:description], params[:trace][:public]) - do_create(name, params[:trace][:tagstring], params[:trace][:description], params[:trace][:public]) do |f| - f.write(params[:trace][:gpx_file].read) - end - - if @trace.id - logger.info("id is #{@trace.id}") - flash[:notice] = "Your GPX file has been uploaded and is awaiting insertion in to the database. This will usually happen within half an hour, and an email will be sent to you on completion." + if @trace.id + logger.info("id is #{@trace.id}") + flash[:notice] = "Your GPX file has been uploaded and is awaiting insertion in to the database. This will usually happen within half an hour, and an email will be sent to you on completion." - redirect_to :action => 'mine' + redirect_to :action => 'mine' + end + else + @trace = Trace.new({:name => "Dummy", + :tagstring => params[:trace][:tagstring], + :description => params[:trace][:description], + :public => params[:trace][:public], + :inserted => false, :user => @user, + :timestamp => Time.now}) + @trace.valid? + @trace.errors.add(:gpx_file, "can't be blank") end end def data trace = Trace.find(params[:id]) - if trace.public? or (@user and @user == trace.user) + if trace.visible? and (trace.public? or (@user and @user == trace.user)) send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') else render :nothing, :status => :not_found @@ -118,14 +129,60 @@ class TraceController < ApplicationController render :nothing => true, :status => :not_found end + def edit + @trace = Trace.find(params[:id]) + + if @user and @trace.user == @user + if params[:trace] + @trace.description = params[:trace][:description] + @trace.tagstring = params[:trace][:tagstring] + if @trace.save + redirect_to :action => 'view' + end + end + else + render :nothing, :status => :forbidden + end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found + end + + def delete + trace = Trace.find(params[:id]) + + if @user and trace.user == @user + if request.post? and trace.visible? + trace.visible = false + trace.save + flash[:notice] = 'Track scheduled for deletion' + redirect_to :controller => 'traces', :action => 'mine' + else + render :nothing, :status => :bad_request + end + else + render :nothing, :status => :forbidden + end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found + end + def make_public trace = Trace.find(params[:id]) - if @user and trace.user == @user and !trace.public - trace.public = true - trace.save - flash[:notice] = 'Track made public' - redirect_to :controller => 'trace', :action => 'view', :id => params[:id] + + if @user and trace.user == @user + if request.post? and !trace.public? + trace.public = true + trace.save + flash[:notice] = 'Track made public' + redirect_to :controller => 'trace', :action => 'view', :id => params[:id] + else + render :nothing, :status => :bad_request + end + else + render :nothing, :status => :forbidden end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def georss @@ -211,11 +268,7 @@ class TraceController < ApplicationController def api_create if request.post? - name = params[:file].original_filename.gsub(/[^a-zA-Z0-9.]/, '_') # This makes sure filenames are sane - - do_create(name, params[:tags], params[:description], params[:public]) do |f| - f.write(params[:file].read) - end + do_create(params[:file], params[:tags], params[:description], params[:public]) if @trace.id render :text => @trace.id.to_s, :content_type => "text/plain" @@ -231,10 +284,11 @@ class TraceController < ApplicationController private - def do_create(name, tags, description, public) + def do_create(file, tags, description, public) + name = file.original_filename.gsub(/[^a-zA-Z0-9.]/, '_') filename = "/tmp/#{rand}" - File.open(filename, "w") { |f| yield f } + File.open(filename, "w") { |f| f.write(file.read) } @trace = Trace.new({:name => name, :tagstring => tags, :description => description, :public => public})