X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/af5d76ecabb8b6a6b35d8df262806367ec4a87cc..325deabc916acab952089a4b093fa6bafa66083c:/app/controllers/traces_controller.rb?ds=inline diff --git a/app/controllers/traces_controller.rb b/app/controllers/traces_controller.rb index 42aea8299..d723bac5b 100644 --- a/app/controllers/traces_controller.rb +++ b/app/controllers/traces_controller.rb @@ -65,13 +65,14 @@ class TracesController < ApplicationController # final helper vars for view @target_user = target_user + + render :partial => "page" if turbo_frame_request_id == "pagination" end def show - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if @trace&.visible? && - (@trace&.public? || @trace&.user == current_user) + if @trace.public? || @trace.user == current_user @title = t ".title", :name => @trace.name else flash[:error] = t ".trace_not_found" @@ -88,11 +89,9 @@ class TracesController < ApplicationController end def edit - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if !@trace.visible? - head :not_found - elsif current_user.nil? || @trace.user != current_user + if current_user.nil? || @trace.user != current_user head :forbidden else @title = t ".title", :name => @trace.name @@ -136,17 +135,15 @@ class TracesController < ApplicationController end def update - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if !@trace.visible? - head :not_found - elsif current_user.nil? || @trace.user != current_user + if current_user.nil? || @trace.user != current_user head :forbidden elsif @trace.update(trace_params) flash[:notice] = t ".updated" redirect_to :action => "show", :display_name => current_user.display_name else - @title = t ".title", :name => @trace.name + @title = t "traces.edit.title", :name => @trace.name render :action => "edit" end rescue ActiveRecord::RecordNotFound @@ -154,11 +151,9 @@ class TracesController < ApplicationController end def destroy - trace = Trace.find(params[:id]) + trace = Trace.visible.find(params[:id]) - if !trace.visible? - head :not_found - elsif current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?) + if current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?) head :forbidden else trace.visible = false @@ -176,9 +171,9 @@ class TracesController < ApplicationController end def data - trace = Trace.find(params[:id]) + trace = Trace.visible.find(params[:id]) - if trace.visible? && (trace.public? || (current_user && current_user == trace.user)) + if trace.public? || (current_user && current_user == trace.user) if Acl.no_trace_download(request.remote_ip) head :forbidden elsif request.format == Mime[:xml] @@ -208,48 +203,6 @@ class TracesController < ApplicationController @traces = @traces.includes(:user) end - def picture - trace = Trace.find(params[:id]) - - if trace.visible? && trace.inserted? - if trace.public? || (current_user && current_user == trace.user) - if trace.icon.attached? - redirect_to rails_blob_path(trace.image, :disposition => "inline") - else - expires_in 7.days, :private => !trace.public?, :public => trace.public? - send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => "image/gif", :disposition => "inline") - end - else - head :forbidden - end - else - head :not_found - end - rescue ActiveRecord::RecordNotFound - head :not_found - end - - def icon - trace = Trace.find(params[:id]) - - if trace.visible? && trace.inserted? - if trace.public? || (current_user && current_user == trace.user) - if trace.icon.attached? - redirect_to rails_blob_path(trace.icon, :disposition => "inline") - else - expires_in 7.days, :private => !trace.public?, :public => trace.public? - send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => "image/gif", :disposition => "inline") - end - else - head :forbidden - end - else - head :not_found - end - rescue ActiveRecord::RecordNotFound - head :not_found - end - private def do_create(file, tags, description, visibility)