X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/af5d76ecabb8b6a6b35d8df262806367ec4a87cc..f8ad4c79a4c1880370a035be0c0286a9b4285a69:/app/controllers/traces_controller.rb diff --git a/app/controllers/traces_controller.rb b/app/controllers/traces_controller.rb index 42aea8299..53c1dedd6 100644 --- a/app/controllers/traces_controller.rb +++ b/app/controllers/traces_controller.rb @@ -2,7 +2,7 @@ class TracesController < ApplicationController include UserMethods include PaginationMethods - layout "site", :except => :georss + layout "site" before_action :authorize_web before_action :set_locale @@ -12,7 +12,7 @@ class TracesController < ApplicationController before_action :check_database_writable, :only => [:new, :create, :edit, :destroy] before_action :offline_warning, :only => [:mine, :show] - before_action :offline_redirect, :only => [:new, :create, :edit, :destroy, :data] + before_action :offline_redirect, :only => [:new, :create, :edit, :destroy] # Counts and selects pages of GPX traces for various criteria (by user, tags, public etc.). # target_user - if set, specifies the user to fetch traces for. if not set will fetch all traces @@ -65,13 +65,14 @@ class TracesController < ApplicationController # final helper vars for view @target_user = target_user + + render :partial => "page" if turbo_frame_request_id == "pagination" end def show - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if @trace&.visible? && - (@trace&.public? || @trace&.user == current_user) + if @trace.public? || @trace.user == current_user @title = t ".title", :name => @trace.name else flash[:error] = t ".trace_not_found" @@ -88,11 +89,9 @@ class TracesController < ApplicationController end def edit - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if !@trace.visible? - head :not_found - elsif current_user.nil? || @trace.user != current_user + if current_user.nil? || @trace.user != current_user head :forbidden else @title = t ".title", :name => @trace.name @@ -117,7 +116,7 @@ class TracesController < ApplicationController @trace.schedule_import redirect_to :action => :index, :display_name => current_user.display_name else - flash[:error] = t(".upload_failed") if @trace.valid? + flash.now[:error] = t(".upload_failed") if @trace.valid? render :action => "new" end @@ -136,17 +135,15 @@ class TracesController < ApplicationController end def update - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if !@trace.visible? - head :not_found - elsif current_user.nil? || @trace.user != current_user + if current_user.nil? || @trace.user != current_user head :forbidden elsif @trace.update(trace_params) flash[:notice] = t ".updated" redirect_to :action => "show", :display_name => current_user.display_name else - @title = t ".title", :name => @trace.name + @title = t "traces.edit.title", :name => @trace.name render :action => "edit" end rescue ActiveRecord::RecordNotFound @@ -154,11 +151,9 @@ class TracesController < ApplicationController end def destroy - trace = Trace.find(params[:id]) + trace = Trace.visible.find(params[:id]) - if !trace.visible? - head :not_found - elsif current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?) + if current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?) head :forbidden else trace.visible = false @@ -175,81 +170,6 @@ class TracesController < ApplicationController redirect_to :action => :index, :display_name => current_user.display_name end - def data - trace = Trace.find(params[:id]) - - if trace.visible? && (trace.public? || (current_user && current_user == trace.user)) - if Acl.no_trace_download(request.remote_ip) - head :forbidden - elsif request.format == Mime[:xml] - send_data(trace.xml_file.read, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment") - elsif request.format == Mime[:gpx] - send_data(trace.xml_file.read, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment") - elsif trace.file.attached? - redirect_to rails_blob_path(trace.file, :disposition => "attachment") - else - send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => "attachment") - end - else - head :not_found - end - rescue ActiveRecord::RecordNotFound - head :not_found - end - - def georss - @traces = Trace.visible_to_all.visible - - @traces = @traces.joins(:user).where(:users => { :display_name => params[:display_name] }) if params[:display_name] - - @traces = @traces.tagged(params[:tag]) if params[:tag] - @traces = @traces.order("timestamp DESC") - @traces = @traces.limit(20) - @traces = @traces.includes(:user) - end - - def picture - trace = Trace.find(params[:id]) - - if trace.visible? && trace.inserted? - if trace.public? || (current_user && current_user == trace.user) - if trace.icon.attached? - redirect_to rails_blob_path(trace.image, :disposition => "inline") - else - expires_in 7.days, :private => !trace.public?, :public => trace.public? - send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => "image/gif", :disposition => "inline") - end - else - head :forbidden - end - else - head :not_found - end - rescue ActiveRecord::RecordNotFound - head :not_found - end - - def icon - trace = Trace.find(params[:id]) - - if trace.visible? && trace.inserted? - if trace.public? || (current_user && current_user == trace.user) - if trace.icon.attached? - redirect_to rails_blob_path(trace.icon, :disposition => "inline") - else - expires_in 7.days, :private => !trace.public?, :public => trace.public? - send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => "image/gif", :disposition => "inline") - end - else - head :forbidden - end - else - head :not_found - end - rescue ActiveRecord::RecordNotFound - head :not_found - end - private def do_create(file, tags, description, visibility)