class TraceController < ApplicationController
+ layout 'site'
+
before_filter :authorize_web
before_filter :authorize, :only => [:api_details, :api_data, :api_create]
- layout 'site'
+ before_filter :check_database_availability, :except => [:api_details, :api_data, :api_create]
+ before_filter :check_read_availability, :only => [:api_details, :api_data, :api_create]
# Counts and selects pages of GPX traces for various criteria (by user, tags, public etc.).
# target_user - if set, specifies the user to fetch traces for. if not set will fetch all traces
# from display name, pick up user id if one user's traces only
display_name = params[:display_name]
if target_user.nil? and !display_name.blank?
- target_user = User.find(:first, :conditions => [ "display_name = ?", display_name])
+ target_user = User.find(:first, :conditions => [ "visible = ? and display_name = ?", true, display_name])
end
# set title
if target_user.nil?
@title = "Public GPS traces"
- elsif @user and @user.id == target_user.id
+ elsif @user and @user == target_user
@title = "Your GPS traces"
else
@title = "Public GPS traces from #{target_user.display_name}"
# 4 - user's traces, not logged in as that user = all user's public traces
if target_user.nil? # all traces
if @user
- conditions = ["(gpx_files.public = 1 OR gpx_files.user_id = ?)", @user.id] #1
+ conditions = ["(gpx_files.public = ? OR gpx_files.user_id = ?)", true, @user.id] #1
else
- conditions = ["gpx_files.public = 1"] #2
+ conditions = ["gpx_files.public = ?", true] #2
end
else
- if @user and @user.id == target_user.id
+ if @user and @user == target_user
conditions = ["gpx_files.user_id = ?", @user.id] #3 (check vs user id, so no join + can't pick up non-public traces by changing name)
else
- conditions = ["gpx_files.public = 1 AND gpx_files.user_id = ?", target_user.id] #4
+ conditions = ["gpx_files.public = ? AND gpx_files.user_id = ?", true, target_user.id] #4
end
end
conditions << @tag
end
- conditions[0] += " AND gpx_files.visible = 1"
+ conditions[0] += " AND gpx_files.visible = 1" #FIXME: use boolean true as parameter to active record
@trace_pages, @traces = paginate(:traces,
:include => [:user, :tags],
def view
@trace = Trace.find(params[:id])
- unless @trace
- flash[:notice] = "OH NOES! Trace not found!"
+ if @trace and @trace.visible? and
+ (@trace.public? or @trace.user == @user)
+ @title = "Viewing trace #{@trace.name}"
+ else
+ flash[:notice] = "Trace not found!"
redirect_to :controller => 'trace', :action => 'list'
- return
- end
-
- @title = "Viewing trace #{@trace.name}"
- if !@trace.visible?
- render :nothing => true, :status => :not_found
- elsif !@trace.public? and @trace.user.id != @user.id
- render :nothing => true, :status => :forbidden
end
rescue ActiveRecord::RecordNotFound
- flash[:notice] = "GPX file not found"
+ flash[:notice] = "Trace not found!"
redirect_to :controller => 'trace', :action => 'list'
end
end
else
@trace = Trace.new({:name => "Dummy",
- :tagstring => params[:trace][:tagstring],
- :description => params[:trace][:description],
- :public => params[:trace][:public],
- :inserted => false, :user => @user,
- :timestamp => Time.now})
+ :tagstring => params[:trace][:tagstring],
+ :description => params[:trace][:description],
+ :public => params[:trace][:public],
+ :inserted => false, :user => @user,
+ :timestamp => Time.now})
@trace.valid?
@trace.errors.add(:gpx_file, "can't be blank")
end
end
def georss
- conditions = ["gpx_files.public = 1"]
+ conditions = ["gpx_files.public = 1"] # fixme pass boolean true as parameter
if params[:display_name]
conditions[0] += " AND users.display_name = ?"
end
end
- private
+private
def do_create(file, tags, description, public)
name = file.original_filename.gsub(/[^a-zA-Z0-9.]/, '_')
File.open(filename, "w") { |f| f.write(file.read) }
@trace = Trace.new({:name => name, :tagstring => tags,
- :description => description, :public => public})
+ :description => description, :public => public})
@trace.inserted = false
@trace.user = @user
@trace.timestamp = Time.now
projects / rails.git / blobdiff