From: Tom Hughes Date: Thu, 13 Aug 2009 17:18:08 +0000 (+0000) Subject: Merge 16891:17044 from trunk. X-Git-Tag: live~7736^2~3 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/908a6ef409518d86bfd2cdf0d2a82a6c312821c8?hp=-c Merge 16891:17044 from trunk. --- 908a6ef409518d86bfd2cdf0d2a82a6c312821c8 diff --combined app/controllers/trace_controller.rb index 17b667969,b8d189316..f06a162fb --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@@ -3,14 -3,12 +3,14 @@@ class TraceController < ApplicationCont before_filter :authorize_web before_filter :set_locale - before_filter :require_user, :only => [:mine, :create, :edit, :delete, :make_public] + before_filter :require_user, :only => [:mine, :create, :edit, :delete] before_filter :authorize, :only => [:api_details, :api_data, :api_create] before_filter :check_database_readable, :except => [:api_details, :api_data, :api_create] - before_filter :check_database_writable, :only => [:create, :edit, :delete, :make_public] + before_filter :check_database_writable, :only => [:create, :edit, :delete] before_filter :check_api_readable, :only => [:api_details, :api_data] before_filter :check_api_writable, :only => [:api_create] + before_filter :require_allow_read_gpx, :only => [:api_details, :api_data] + before_filter :require_allow_write_gpx, :only => [:api_create] # Counts and selects pages of GPX traces for various criteria (by user, tags, public etc.). # target_user - if set, specifies the user to fetch traces for. if not set will fetch all traces @@@ -45,15 -43,15 +45,15 @@@ # 4 - user's traces, not logged in as that user = all user's public traces if target_user.nil? # all traces if @user - conditions = ["(gpx_files.public = ? 
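Review bot: The new `require_allow_read_gpx` and `require_allow_write_gpx` filters repeat by hand the action list of `before_filter :authorize`, so an API action later added to `authorize` but not to these lists would accept an OAuth token that was never granted GPX access. A comment above them would make the coupling explicit, for example `# Every action listed under :authorize must also appear in one of the require_allow_*_gpx filters.` The filter methods are defined outside this hunk, so how they treat a request that carries no OAuth token cannot be checked from here.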
OR gpx_files.user_id = ?)", true, @user.id] #1 + conditions = ["(gpx_files.visibility <> 'private' OR gpx_files.user_id = ?)", @user.id] #1 else - conditions = ["gpx_files.public = ?", true] #2 + conditions = ["gpx_files.visibility <> 'private'"] #2 end else if @user and @user == target_user conditions = ["gpx_files.user_id = ?", @user.id] #3 (check vs user id, so no join + can't pick up non-public traces by changing name) else - conditions = ["gpx_files.public = ? AND gpx_files.user_id = ?", true, target_user.id] #4 + conditions = ["gpx_files.public <> 'private' AND gpx_files.user_id = ?", target_user.id] #4 end end @@@ -98,10 -96,13 +98,13 @@@ def mine # Load the preference of whether the user set the trace public the last time @trace = Trace.new - if @user.preferences.find(:first, :conditions => {:k => "gps.trace.public", :v => "default"}).nil? - @trace.public = false + visibility = @user.preferences.find(:first, :conditions => {:k => "gps.trace.visibility"}) + if visibility + @trace.visibility = visibility.v + elsif @user.preferences.find(:first, :conditions => {:k => "gps.trace.public", :v => "default"}).nil? + @trace.visibility = "private" else - @trace.public = true + @trace.visibility = "public" end list(@user, "mine") end @@@ -126,7 -127,7 +129,7 @@@ logger.info(params[:trace][:gpx_file].class.name) if params[:trace][:gpx_file].respond_to?(:read) do_create(params[:trace][:gpx_file], params[:trace][:tagstring], - params[:trace][:description], params[:trace][:public]) + params[:trace][:description], params[:trace][:visibility]) if @trace.id logger.info("id is #{@trace.id}") @@@ -138,7 -139,7 +141,7 @@@ @trace = Trace.new({:name => "Dummy", :tagstring => params[:trace][:tagstring], :description => params[:trace][:description], - :public => params[:trace][:public], + :visibility => params[:trace][:visibility], :inserted => false, :user => @user, :timestamp => Time.now.getutc}) @trace.valid? 
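Review bot: Branch #4 filters on `gpx_files.public <> 'private'` while branches #1 and #2 use `gpx_files.visibility`, so listing another user's traces either fails or compares against the legacy column, depending on whether `public` still exists; it should read `conditions = ["gpx_files.visibility <> 'private' AND gpx_files.user_id = ?", target_user.id] #4`. Separately, `<> 'private'` also matches `trackable`, which the locale text added in this commit describes as not shown in the trace list. An allowlist such as `gpx_files.visibility IN ('public', 'identifiable')` would match that description and would also exclude any unexpected value. The same `<> 'private'` condition appears in the `georss` hunk further down, and the enclosing method starts and ends outside this hunk.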
@@@ -172,6 -173,7 +175,7 @@@ if params[:trace] @trace.description = params[:trace][:description] @trace.tagstring = params[:trace][:tagstring] + @trace.visibility = params[:trace][:visibility] if @trace.save redirect_to :action => 'view' end @@@ -202,27 -204,8 +206,8 @@@ render :nothing => true, :status => :not_found end - def make_public - trace = Trace.find(params[:id]) - - if @user and trace.user == @user - if request.post? and !trace.public? - trace.public = true - trace.save - flash[:notice] = t 'trace.make_public.made_public' - redirect_to :controller => 'trace', :action => 'view', :id => params[:id] - else - render :nothing => true, :status => :bad_request - end - else - render :nothing => true, :status => :forbidden - end - rescue ActiveRecord::RecordNotFound - render :nothing => true, :status => :not_found - end - def georss - conditions = ["gpx_files.public = ?", true] + conditions = ["gpx_files.visibility <> 'private'"] if params[:display_name] conditions[0] += " AND users.display_name = ?" @@@ -251,7 -234,7 +236,7 @@@ if trace.inserted? if trace.public? or (@user and @user == trace.user) - expires_in 7.days, :private => !trace.public, :public => trace.public + expires_in 7.days, :private => !trace.public?, :public => trace.public? send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline') else render :nothing => true, :status => :forbidden @@@ -268,7 -251,7 +253,7 @@@ if trace.inserted? if trace.public? or (@user and @user == trace.user) - expires_in 7.days, :private => !trace.public, :public => trace.public + expires_in 7.days, :private => !trace.public?, :public => trace.public? send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline') else render :nothing => true, :status => :forbidden @@@ -308,10 -291,14 +293,14 @@@ if request.post? 
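Review bot: In the `edit` hunk, `@trace.visibility = params[:trace][:visibility]` copies the request value straight onto the record, so only the validation on `Trace`, which is not part of this diff, keeps it to the four documented levels. If the model has none, a guard such as `@trace.visibility = params[:trace][:visibility] if %w[private public trackable identifiable].include?(params[:trace][:visibility])` keeps unknown strings out of the column. The removed `make_public` action checked both ownership and `request.post?` before changing visibility. The start of `edit` is outside the hunk, so confirm it enforces the same two checks now that it is the only web action that changes visibility.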
tags = params[:tags] || "" description = params[:description] || "" - pub = params[:public] || false + visibility = params[:visibility] || false + + if params[:public] && !visibility + visibility = "public" + end if params[:file].respond_to?(:read) - do_create(params[:file], tags, description, pub) + do_create(params[:file], tags, description, visibility) if @trace.id render :text => @trace.id.to_s, :content_type => "text/plain" @@@ -330,7 -317,7 +319,7 @@@ private - def do_create(file, tags, description, public) + def do_create(file, tags, description, visibility) # Sanitise the user's filename name = file.original_filename.gsub(/[^a-zA-Z0-9.]/, '_') @@@ -346,7 -333,7 +335,7 @@@ :name => name, :tagstring => tags, :description => description, - :public => public, + :visibility => visibility, :inserted => true, :user => @user, :timestamp => Time.now.getutc @@@ -365,14 -352,12 +354,12 @@@ FileUtils.rm_f(filename) end - # Finally save whether the user marked the trace as being public - if @trace.public? - if @user.trace_public_default.nil? - @user.preferences.create(:k => "gps.trace.public", :v => "default") - end + # Finally save the user's preferred previacy level + if pref = @user.preferences.find(:first, :conditions => {:k => "gps.trace.visibility"}) + pref.v = visibility + pref.save else - pref = @user.trace_public_default - pref.destroy unless pref.nil? 
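Review bot: `if params[:public] && !visibility` treats any supplied `public` value as true, because a parameter string such as `"0"` or `"false"` is truthy in Ruby, so a legacy client that sends `public=0` would now get a publicly listed trace. When neither parameter is sent, `visibility` stays `false`, and that is what `do_create` writes to the trace and to the saved preference. Mapping the legacy flag explicitly and defaulting to private avoids both, as sketched below. The set of strings the old boolean column accepted as true is assumed here and should be checked against existing clients.

```ruby
visibility = params[:visibility]

if visibility.nil?
  # Legacy clients send a boolean "public" flag; only an explicit true value opts in.
  legacy_public = %w[1 true].include?(params[:public].to_s)
  visibility = legacy_public ? "public" : "private"
end

# … unchanged: params[:file].respond_to?(:read) check and do_create call …
```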
+ @user.preferences.create(:k => "gps.trace.visibility", :v => visibility) end end diff --combined app/models/user.rb index 1e5944797,9d135a3a1..ae5b0b74f --- a/app/models/user.rb +++ b/app/models/user.rb @@@ -11,9 -11,6 +11,9 @@@ class User < ActiveRecord::Bas has_many :preferences, :class_name => "UserPreference" has_many :changesets + has_many :client_applications + has_many :oauth_tokens, :class_name => "OauthToken", :order => "authorized_at desc", :include => [:client_application] + validates_presence_of :email, :display_name validates_confirmation_of :email#, :message => ' addresses must match' validates_confirmation_of :pass_crypt#, :message => ' must match the confirmation password' @@@ -125,10 -122,6 +125,6 @@@ return false end - def trace_public_default - return self.preferences.find(:first, :conditions => {:k => "gps.trace.public", :v => "default"}) - end - def delete self.active = false self.display_name = "user_#{self.id}" diff --combined config/locales/en.yml index 2cf7a3aa8,29a75b810..16f66dbbc --- a/config/locales/en.yml +++ b/config/locales/en.yml @@@ -87,6 -87,9 +87,9 @@@ en download: "Download {{changeset_xml_link}} or {{osmchange_xml_link}}" changesetxml: "Changeset XML" osmchangexml: "osmChange XML" + feed: + title: "Changeset {{id}}" + title_comment: "Changeset {{id}} - {{comment}}" changeset_navigation: user: name_tooltip: "View edits by {{user}}" @@@ -317,6 -320,16 +320,16 @@@ edit_link: Edit this entry diary_comment: comment_from: "Comment from {{link_user}} at {{comment_created_at}}" + feed: + user: + title: "OpenStreetMap diary entries for {{user}}" + description: "Recent OpenStreetmap diary entries from {{user}}" + language: + title: "OpenStreetMap diary entries in {{language_name}}" + description: "Recent diary entries from users of OpenStreetMap in {{language_name}}" + all: + title: "OpenStreetMap diary entries" + description: "Recent diary entries from users of OpenStreetMap" export: start: area_to_export: "Area to Export" @@@ -690,6 
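Review bot: The preference update at the end of `do_create` stores `visibility` without checking that it is one of the known levels, and it appears to run whether or not the trace save earlier in the method succeeded (that part is outside the hunk). A rejected or mistyped value would then become the user's default, and `mine` copies it into `@trace.visibility` for the next upload form. Guarding the block with `if @trace.id` would limit the stored default to values that passed validation. The comment also has a typo: `previacy` should be `privacy`.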
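Review bot: `has_many :client_applications` and `has_many :oauth_tokens` give the account long-lived delegated credentials, but nothing visible ties their lifetime to the account. The `delete` method shown in the next hunk deactivates the user, and its body continues outside the hunk. If it does not already do so, it should invalidate the user's tokens; the schema added in this commit has an `invalidated_at` column that looks intended for that. A comment on the association, such as `# tokens must be invalidated when the account is deactivated; see User#delete`, would record the requirement.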
-703,11 +703,11 @@@ destination: "Destination access" construction: "Roads under construction" trace: + visibility: + private: "Private (only shared as anonymous, unordered points)" + public: "Public (shown in trace list and as anonymous, unordered points)" + trackable: "Trackable (only shared as anonymous, ordered points with timestamps)" + identifiable: "Identifiable (shown in trace list and as identifiable, ordered points with timestamps)" create: upload_trace: "Upload GPS Trace" trace_uploaded: "Your GPX file has been uploaded and is awaiting insertion in to the database. This will usually happen within half an hour, and an email will be sent to you on completion." @@@ -708,6 -726,9 +726,9 @@@ tags: "Tags:" tags_help: "comma delimited" save_button: "Save Changes" + visibility: "Visibility:" + visibility_help: "what does this mean?" + visibility_help_url: "http://wiki.openstreetmap.org/wiki/Visibility_of_GPS_traces" no_such_user: title: "No such user" heading: "The user {{user}} does not exist" @@@ -717,9 -738,9 +738,9 @@@ description: "Description" tags: "Tags" tags_help: "comma delimited" - public: "Public?" - public_help: "what does this mean?" - public_help_url: "http://wiki.openstreetmap.org/wiki/Visibility_of_GPS_traces" + visibility: "Visibility" + visibility_help: "what does this mean?" + visibility_help_url: "http://wiki.openstreetmap.org/wiki/Visibility_of_GPS_traces" upload_button: "Upload" help: "Help" help_url: "http://wiki.openstreetmap.org/wiki/Upload" @@@ -745,10 -766,10 +766,10 @@@ description: "Description:" tags: "Tags:" none: "None" - make_public: "Make this track public permanently" edit_track: "Edit this track" delete_track: "Delete this track" trace_not_found: "Trace not found!" 
+ visibility: "Visibility:" trace_paging_nav: showing: "Showing page" of: "of" @@@ -775,63 -796,6 +796,63 @@@ scheduled_for_deletion: "Track scheduled for deletion" make_public: made_public: "Track made public" + oauth: + client_application: + request_access: "The application {{app_name}} is requesting access to your account. Please check whether you would like the application to have the following capabilities. You may choose as many or as few as you like." + allow_to: "Allow the client application to:" + allow_read_prefs: "read your user preferences." + allow_write_prefs: "modify your user preferences." + allow_write_diary: "create diary entries, comments and make friends." + allow_write_api: "modify the map." + allow_read_gpx: "read your private GPS traces." + allow_write_gpx: "upload GPS traces." + new: + title: "Register a new application" + submit: "Register" + edit: + title: "Edit your application" + submit: "Edit" + show: + title: "OAuth details for {{app_name}}" + key: "Consumer Key:" + secret: "Consumer Secret:" + url: "Request Token URL:" + access_url: "Access Token URL:" + authorize_url: "Authorise URL:" + support_notice: "We support hmac-sha1 (recommended) as well as plain text in ssl mode." + edit: "Edit Details" + requests: "Requesting the following permissions from the user:" + allow_read_prefs: "read their user preferences." + allow_write_prefs: "modify their user preferences." + allow_write_diary: "create diary entries, comments and make friends." + allow_write_api: "modify the map." + allow_read_gpx: "read their private GPS traces." + allow_write_gpx: "upload GPS traces." + index: + title: "My OAuth Details" + my_tokens: "My Authorised Applications" + list_tokens: "The following tokens have been issued to applications in your name:" + application: "Application Name" + issued_at: "Issued At" + revoke: "Revoke!" 
+ my_apps: "My Client Applications" + no_apps: "Do you have an application you would like to register for use with us using the {{oauth}} standard? You must register your web application before it can make OAuth requests to this service." + registered_apps: "You have the following client applications registered:" + register_new: "Register your application" + form: + name: "Name" + required: "Required" + url: "Main Application URL" + callback_url: "Callback URL" + support_url: "Support URL" + requests: "Request the following permissions from the user:" + allow_read_prefs: "read their user preferences." + allow_write_prefs: "modify their user preferences." + allow_write_diary: "create diary entries, comments and make friends." + allow_write_api: "modify the map." + allow_read_gpx: "read their private GPS traces." + allow_write_gpx: "upload GPS traces." + not_found: "Sorry, that {{type}} could not be found." user: login: title: "Login" @@@ -908,7 -872,6 +929,7 @@@ nearby users: "Nearby users: " no nearby users: "There are no users who admit to mapping nearby yet." 
change your settings: change your settings + my_oauth_details: "View my OAuth details" friend_map: your location: Your location nearby mapper: "Nearby mapper: " diff --combined config/routes.rb index 0bc0d8cd3,d2407f705..b8d3fa1a0 --- a/config/routes.rb +++ b/config/routes.rb @@@ -135,7 -135,6 +135,6 @@@ ActionController::Routing::Routes.draw map.connect '/trace/:id/data.:format', :controller => 'trace', :action => 'data' map.connect '/trace/:id/edit', :controller => 'trace', :action => 'edit' map.connect '/trace/:id/delete', :controller => 'trace', :action => 'delete' - map.connect '/trace/:id/make_public', :controller => 'trace', :action => 'make_public' map.connect '/user/:display_name/traces', :controller => 'trace', :action => 'list' map.connect '/user/:display_name/traces/page/:page', :controller => 'trace', :action => 'list' map.connect '/user/:display_name/traces/rss', :controller => 'trace', :action => 'georss' @@@ -187,6 -186,7 +186,6 @@@ map.connect '/export/finish', :controller => 'export', :action => 'finish' # messages - map.connect '/user/:display_name/inbox', :controller => 'message', :action => 'inbox' map.connect '/user/:display_name/outbox', :controller => 'message', :action => 'outbox' map.connect '/message/new/:display_name', :controller => 'message', :action => 'new' @@@ -195,14 -195,6 +194,14 @@@ map.connect '/message/reply/:message_id', :controller => 'message', :action => 'reply' map.connect '/message/delete/:message_id', :controller => 'message', :action => 'delete' + # oauth admin pages (i.e: for setting up new clients, etc...) 
+ map.resources :oauth_clients, :path_prefix => '/user/:display_name' + map.connect '/oauth/revoke', :controller => 'oauth', :action => 'revoke' + map.authorize '/oauth/authorize', :controller => 'oauth', :action => 'oauthorize' + map.request_token '/oauth/request_token', :controller => 'oauth', :action => 'request_token' + map.access_token '/oauth/access_token', :controller => 'oauth', :action => 'access_token' + map.test_request '/oauth/test_request', :controller => 'oauth', :action => 'test_request' + # fall through map.connect ':controller/:id/:action' map.connect ':controller/:action' diff --combined db/migrate/040_create_oauth_tables.rb index 95d690512,000000000..95d690512 mode 100644,000000..100644 --- a/db/migrate/040_create_oauth_tables.rb +++ b/db/migrate/040_create_oauth_tables.rb @@@ -1,44 -1,0 +1,44 @@@ +class CreateOauthTables < ActiveRecord::Migration + def self.up + create_table :client_applications do |t| + t.string :name + t.string :url + t.string :support_url + t.string :callback_url + t.string :key, :limit => 50 + t.string :secret, :limit => 50 + t.integer :user_id + + t.timestamps + end + add_index :client_applications, :key, :unique => true + + create_table :oauth_tokens do |t| + t.integer :user_id + t.string :type, :limit => 20 + t.integer :client_application_id + t.string :token, :limit => 50 + t.string :secret, :limit => 50 + t.timestamp :authorized_at, :invalidated_at + t.timestamps + end + + add_index :oauth_tokens, :token, :unique => true + + create_table :oauth_nonces do |t| + t.string :nonce + t.integer :timestamp + + t.timestamps + end + add_index :oauth_nonces, [:nonce, :timestamp], :unique => true + + end + + def self.down + drop_table :client_applications + drop_table :oauth_tokens + drop_table :oauth_nonces + end + +end diff --combined db/migrate/041_add_fine_o_auth_permissions.rb index ad4c7a8a4,000000000..ad4c7a8a4 mode 100644,000000..100644 --- a/db/migrate/041_add_fine_o_auth_permissions.rb +++ 
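Review bot: `map.connect '/oauth/revoke'` accepts any HTTP method, so unless the controller action checks `request.post?` a token could be revoked by a cross-site GET. Restricting the route, e.g. `map.connect '/oauth/revoke', :controller => 'oauth', :action => 'revoke', :conditions => { :method => :post }`, closes that at the routing layer. `/oauth/authorize` has to serve the consent form on GET, so the controller should accept the grant itself only on POST. `/oauth/test_request` looks like a diagnostic endpoint and is worth leaving out of production routes if nothing depends on it. The controller is not part of this diff, so these are points to confirm rather than confirmed defects.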
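Review bot: The credential columns in `create_table :client_applications` and `create_table :oauth_tokens` (`key`, `secret`, `token`) are nullable, and on most databases the unique indexes on `key` and `token` do not stop multiple NULL rows, so a half-created credential can be stored. Adding `:null => false`, e.g. `t.string :key, :limit => 50, :null => false` and `t.string :token, :limit => 50, :null => false`, makes that fail at insert time. `user_id` on `oauth_tokens` may need to stay nullable if request tokens are created before a user authorises them. `oauth_nonces` has no index led by `timestamp`, so pruning old nonces will scan the table; a comment stating how and when nonces are expired would help.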
b/db/migrate/041_add_fine_o_auth_permissions.rb @@@ -1,23 -1,0 +1,23 @@@ +class AddFineOAuthPermissions < ActiveRecord::Migration + PERMISSIONS = [:allow_read_prefs, :allow_write_prefs, :allow_write_diary, + :allow_write_api, :allow_read_gpx, :allow_write_gpx ] + + def self.up + PERMISSIONS.each do |perm| + # add fine-grained permissions columns for OAuth tokens, allowing people to + # give permissions to parts of the site only. + add_column :oauth_tokens, perm, :boolean, :null => false, :default => false + + # add fine-grained permissions columns for client applications, allowing the + # client applications to request particular privileges. + add_column :client_applications, perm, :boolean, :null => false, :default => false + end + end + + def self.down + PERMISSIONS.each do |perm| + remove_column :oauth_tokens, perm + remove_column :client_applications, perm + end + end +end diff --combined db/migrate/042_add_foreign_keys_to_oauth_tables.rb index 09de54349,000000000..09de54349 mode 100644,000000..100644 --- a/db/migrate/042_add_foreign_keys_to_oauth_tables.rb +++ b/db/migrate/042_add_foreign_keys_to_oauth_tables.rb @@@ -1,15 -1,0 +1,15 @@@ +require 'lib/migrate' + +class AddForeignKeysToOauthTables < ActiveRecord::Migration + def self.up + add_foreign_key :oauth_tokens, [:user_id], :users, [:id] + add_foreign_key :oauth_tokens, [:client_application_id], :client_applications, [:id] + add_foreign_key :client_applications, [:user_id], :users, [:id] + end + + def self.down + remove_foreign_key :oauth_tokens, [:user_id], :users + remove_foreign_key :oauth_tokens, [:client_application_id], :client_applications + remove_foreign_key :client_applications, [:user_id], :users + end +end