X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/9f58d1724260a9ef69a7c3dc69d81af4dd7d595d..a7f00eefc4842a87c9076cac8b70fab5149a732b:/app/controllers/trace_controller.rb?ds=inline diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index f7b56e769..3b3097755 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -48,6 +48,8 @@ class TraceController < ApplicationController conditions << @tag end + conditions[0] += " AND gpx_files.visible = 1" + @trace_pages, @traces = paginate(:traces, :include => [:user, :tags], :conditions => conditions, @@ -82,10 +84,10 @@ class TraceController < ApplicationController def view @trace = Trace.find(params[:id]) @title = "Viewing trace #{@trace.name}" - unless @trace.public - if @user - render :nothing, :status => :forbidden if @trace.user.id != @user.id - end + if !@trace.visible? + render :nothing => true, :status => :not_found + elsif !@trace.public? and @trace.user.id != @user.id + render :nothing => true, :status => :forbidden end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found @@ -108,21 +110,52 @@ class TraceController < ApplicationController def data trace = Trace.find(params[:id]) - if trace and (trace.public? or (@user and @user == trace.user)) + + if trace.visible? and (trace.public? or (@user and @user == trace.user)) send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') else render :nothing, :status => :not_found end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found + end + + def delete + trace = Trace.find(params[:id]) + + if @user and trace.user == @user + if request.post? and trace.visible? + trace.visible = false + trace.save + flash[:notice] = 'Track scheduled for deletion' + redirect_to :controller => 'traces', :action => 'mine' + else + render :nothing, :status => :bad_request + end + else + render :nothing, :status => :forbidden + end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def make_public trace = Trace.find(params[:id]) - if @user and trace.user == @user and !trace.public - trace.public = true - trace.save - flash[:notice] = 'Track made public' - redirect_to :controller => 'trace', :action => 'view', :id => params[:id] + + if @user and trace.user == @user + if request.post? and !trace.public? + trace.public = true + trace.save + flash[:notice] = 'Track made public' + redirect_to :controller => 'trace', :action => 'view', :id => params[:id] + else + render :nothing, :status => :bad_request + end + else + render :nothing, :status => :forbidden end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def georss @@ -153,10 +186,14 @@ class TraceController < ApplicationController def picture trace = Trace.find(params[:id]) - if trace.public? or (@user and @user == trace.user) - send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline') + if trace.inserted? + if trace.public? or (@user and @user == trace.user) + send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline') + else + render :nothing, :status => :forbidden + end else - render :nothing, :status => :forbidden + render :nothing => true, :status => :not_found end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found @@ -165,10 +202,14 @@ class TraceController < ApplicationController def icon trace = Trace.find(params[:id]) - if trace.public? or (@user and @user == trace.user) - send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline') + if trace.inserted? + if trace.public? or (@user and @user == trace.user) + send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline') + else + render :nothing, :status => :forbidden + end else - render :nothing, :status => :forbidden + render :nothing => true, :status => :not_found end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found