X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/addf99f1911ec617ba258e075a53d774dee2a672..e3bac9e6e5210d0fd87b03c8ec6a55db6000c9cd:/app/controllers/traces_controller.rb diff --git a/app/controllers/traces_controller.rb b/app/controllers/traces_controller.rb index 3539b6032..5bee44886 100644 --- a/app/controllers/traces_controller.rb +++ b/app/controllers/traces_controller.rb @@ -61,17 +61,16 @@ class TracesController < ApplicationController @params = params.permit(:display_name, :tag, :before, :after) - @traces, @newer_traces_id, @older_traces_id = get_page_items(traces, [:user, :tags]) + @traces, @newer_traces_id, @older_traces_id = get_page_items(traces, :includes => [:user, :tags]) # final helper vars for view @target_user = target_user end def show - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if @trace&.visible? && - (@trace&.public? || @trace&.user == current_user) + if @trace.public? || @trace.user == current_user @title = t ".title", :name => @trace.name else flash[:error] = t ".trace_not_found" @@ -88,11 +87,9 @@ class TracesController < ApplicationController end def edit - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if !@trace.visible? - head :not_found - elsif current_user.nil? || @trace.user != current_user + if current_user.nil? || @trace.user != current_user head :forbidden else @title = t ".title", :name => @trace.name @@ -136,11 +133,9 @@ class TracesController < ApplicationController end def update - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if !@trace.visible? - head :not_found - elsif current_user.nil? || @trace.user != current_user + if current_user.nil? || @trace.user != current_user head :forbidden elsif @trace.update(trace_params) flash[:notice] = t ".updated" @@ -154,11 +149,9 @@ class TracesController < ApplicationController end def destroy - trace = Trace.find(params[:id]) + trace = Trace.visible.find(params[:id]) - if !trace.visible? - head :not_found - elsif current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?) + if current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?) head :forbidden else trace.visible = false @@ -176,9 +169,9 @@ class TracesController < ApplicationController end def data - trace = Trace.find(params[:id]) + trace = Trace.visible.find(params[:id]) - if trace.visible? && (trace.public? || (current_user && current_user == trace.user)) + if trace.public? || (current_user && current_user == trace.user) if Acl.no_trace_download(request.remote_ip) head :forbidden elsif request.format == Mime[:xml] @@ -208,48 +201,6 @@ class TracesController < ApplicationController @traces = @traces.includes(:user) end - def picture - trace = Trace.find(params[:id]) - - if trace.visible? && trace.inserted? - if trace.public? || (current_user && current_user == trace.user) - if trace.icon.attached? - redirect_to rails_blob_path(trace.image, :disposition => "inline") - else - expires_in 7.days, :private => !trace.public?, :public => trace.public? - send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => "image/gif", :disposition => "inline") - end - else - head :forbidden - end - else - head :not_found - end - rescue ActiveRecord::RecordNotFound - head :not_found - end - - def icon - trace = Trace.find(params[:id]) - - if trace.visible? && trace.inserted? - if trace.public? || (current_user && current_user == trace.user) - if trace.icon.attached? - redirect_to rails_blob_path(trace.icon, :disposition => "inline") - else - expires_in 7.days, :private => !trace.public?, :public => trace.public? - send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => "image/gif", :disposition => "inline") - end - else - head :forbidden - end - else - head :not_found - end - rescue ActiveRecord::RecordNotFound - head :not_found - end - private def do_create(file, tags, description, visibility)