From a969e08641143b0403ab2b366e0084b96a162281 Mon Sep 17 00:00:00 2001 From: Anton Khorev Date: Wed, 27 Mar 2024 11:20:19 +0300 Subject: [PATCH 1/1] Use "visible" scope when finding traces Allows to eliminate some :not_found branches. --- app/controllers/traces/icons_controller.rb | 4 +-- app/controllers/traces/pictures_controller.rb | 4 +-- app/controllers/traces_controller.rb | 27 +++++++------------ 3 files changed, 14 insertions(+), 21 deletions(-) diff --git a/app/controllers/traces/icons_controller.rb b/app/controllers/traces/icons_controller.rb index a58179654..ec67a6bb1 100644 --- a/app/controllers/traces/icons_controller.rb +++ b/app/controllers/traces/icons_controller.rb @@ -6,9 +6,9 @@ module Traces authorize_resource :trace def show - trace = Trace.find(params[:trace_id]) + trace = Trace.visible.find(params[:trace_id]) - if trace.visible? && trace.inserted? + if trace.inserted? if trace.public? || (current_user && current_user == trace.user) if trace.icon.attached? redirect_to rails_blob_path(trace.icon, :disposition => "inline") diff --git a/app/controllers/traces/pictures_controller.rb b/app/controllers/traces/pictures_controller.rb index aeac7df86..0e0d588cb 100644 --- a/app/controllers/traces/pictures_controller.rb +++ b/app/controllers/traces/pictures_controller.rb @@ -6,9 +6,9 @@ module Traces authorize_resource :trace def show - trace = Trace.find(params[:trace_id]) + trace = Trace.visible.find(params[:trace_id]) - if trace.visible? && trace.inserted? + if trace.inserted? if trace.public? || (current_user && current_user == trace.user) if trace.icon.attached? redirect_to rails_blob_path(trace.image, :disposition => "inline") diff --git a/app/controllers/traces_controller.rb b/app/controllers/traces_controller.rb index f717d6943..5bee44886 100644 --- a/app/controllers/traces_controller.rb +++ b/app/controllers/traces_controller.rb @@ -68,10 +68,9 @@ class TracesController < ApplicationController end def show - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if @trace&.visible? && - (@trace&.public? || @trace&.user == current_user) + if @trace.public? || @trace.user == current_user @title = t ".title", :name => @trace.name else flash[:error] = t ".trace_not_found" @@ -88,11 +87,9 @@ class TracesController < ApplicationController end def edit - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if !@trace.visible? - head :not_found - elsif current_user.nil? || @trace.user != current_user + if current_user.nil? || @trace.user != current_user head :forbidden else @title = t ".title", :name => @trace.name @@ -136,11 +133,9 @@ class TracesController < ApplicationController end def update - @trace = Trace.find(params[:id]) + @trace = Trace.visible.find(params[:id]) - if !@trace.visible? - head :not_found - elsif current_user.nil? || @trace.user != current_user + if current_user.nil? || @trace.user != current_user head :forbidden elsif @trace.update(trace_params) flash[:notice] = t ".updated" @@ -154,11 +149,9 @@ class TracesController < ApplicationController end def destroy - trace = Trace.find(params[:id]) + trace = Trace.visible.find(params[:id]) - if !trace.visible? - head :not_found - elsif current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?) + if current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?) head :forbidden else trace.visible = false @@ -176,9 +169,9 @@ class TracesController < ApplicationController end def data - trace = Trace.find(params[:id]) + trace = Trace.visible.find(params[:id]) - if trace.visible? && (trace.public? || (current_user && current_user == trace.user)) + if trace.public? || (current_user && current_user == trace.user) if Acl.no_trace_download(request.remote_ip) head :forbidden elsif request.format == Mime[:xml] -- 2.39.5