]> git.openstreetmap.org Git - rails.git/blob - app/controllers/traces/icons_controller.rb
Remove test_logout_removes_session_token
[rails.git] / app / controllers / traces / icons_controller.rb
1 module Traces
2   class IconsController < ApplicationController
3     before_action :authorize_web
4     before_action :check_database_readable
5
6     authorize_resource :trace
7
8     def show
9       trace = Trace.visible.imported.find(params[:trace_id])
10
11       if trace.public? || (current_user && current_user == trace.user)
12         redirect_to rails_blob_path(trace.icon, :disposition => "inline")
13       else
14         head :forbidden
15       end
16     rescue ActiveRecord::RecordNotFound
17       head :not_found
18     end
19   end
20 end