]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/traces_controller.rb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #4680 from tomhughes/validate-page-numbers
[rails.git] / app / controllers / traces_controller.rb
diff --git a/app/controllers/traces_controller.rb b/app/controllers/traces_controller.rb
index 23f8ce7ec51c138f903349d7780ab62bf236a276..5bee44886716448fbcd715dc893c981341b5984b 100644 (file)
--- a/app/controllers/traces_controller.rb
+++ b/app/controllers/traces_controller.rb
@@ -1,4 +1,7 @@
 class TracesController < ApplicationController
 class TracesController < ApplicationController
+  include UserMethods
+  include PaginationMethods
+
   layout "site", :except => :georss
 
   before_action :authorize_web
   layout "site", :except => :georss
 
   before_action :authorize_web
@@ -17,7 +20,7 @@ class TracesController < ApplicationController
     # from display name, pick up user id if one user's traces only
     display_name = params[:display_name]
     if display_name.present?
     # from display name, pick up user id if one user's traces only
     display_name = params[:display_name]
     if display_name.present?
-      target_user = User.active.where(:display_name => display_name).first
+      target_user = User.active.find_by(:display_name => display_name)
       if target_user.nil?
         render_unknown_user display_name
         return
       if target_user.nil?
         render_unknown_user display_name
         return
@@ -40,44 +43,34 @@ class TracesController < ApplicationController
     # 2 - all traces, not logged in = all public traces
     # 3 - user's traces, logged in as same user = all user's traces
     # 4 - user's traces, not logged in as that user = all user's public traces
     # 2 - all traces, not logged in = all public traces
     # 3 - user's traces, logged in as same user = all user's traces
     # 4 - user's traces, not logged in as that user = all user's public traces
-    @traces = if target_user.nil? # all traces
-                if current_user
-                  Trace.visible_to(current_user) # 1
-                else
-                  Trace.visible_to_all # 2
-                end
-              elsif current_user && current_user == target_user
-                current_user.traces # 3 (check vs user id, so no join + can't pick up non-public traces by changing name)
-              else
-                target_user.traces.visible_to_all # 4
-              end
+    traces = if target_user.nil? # all traces
+               if current_user
+                 Trace.visible_to(current_user) # 1
+               else
+                 Trace.visible_to_all # 2
+               end
+             elsif current_user && current_user == target_user
+               current_user.traces # 3 (check vs user id, so no join + can't pick up non-public traces by changing name)
+             else
+               target_user.traces.visible_to_all # 4
+             end
 
 
-    @traces = @traces.tagged(params[:tag]) if params[:tag]
+    traces = traces.tagged(params[:tag]) if params[:tag]
 
 
-    @params = params.permit(:display_name, :tag)
+    traces = traces.visible
 
 
-    @page = (params[:page] || 1).to_i
-    @page_size = 20
+    @params = params.permit(:display_name, :tag, :before, :after)
 
 
-    @traces = @traces.visible
-    @traces = @traces.order(:id => :desc)
-    @traces = @traces.offset((@page - 1) * @page_size)
-    @traces = @traces.limit(@page_size)
-    @traces = @traces.includes(:user, :tags)
+    @traces, @newer_traces_id, @older_traces_id = get_page_items(traces, :includes => [:user, :tags])
 
     # final helper vars for view
     @target_user = target_user
   end
 
 
     # final helper vars for view
     @target_user = target_user
   end
 
-  def mine
-    redirect_to :action => :index, :display_name => current_user.display_name
-  end
-
   def show
   def show
-    @trace = Trace.find(params[:id])
+    @trace = Trace.visible.find(params[:id])
 
 
-    if @trace&.visible? &&
-       (@trace&.public? || @trace&.user == current_user)
+    if @trace.public? || @trace.user == current_user
       @title = t ".title", :name => @trace.name
     else
       flash[:error] = t ".trace_not_found"
       @title = t ".title", :name => @trace.name
     else
       flash[:error] = t ".trace_not_found"
@@ -93,6 +86,18 @@ class TracesController < ApplicationController
     @trace = Trace.new(:visibility => default_visibility)
   end
 
     @trace = Trace.new(:visibility => default_visibility)
   end
 
+  def edit
+    @trace = Trace.visible.find(params[:id])
+
+    if current_user.nil? || @trace.user != current_user
+      head :forbidden
+    else
+      @title = t ".title", :name => @trace.name
+    end
+  rescue ActiveRecord::RecordNotFound
+    head :not_found
+  end
+
   def create
     @title = t ".upload_trace"
 
   def create
     @title = t ".upload_trace"
 
@@ -106,10 +111,10 @@ class TracesController < ApplicationController
         flash[:notice] = t ".trace_uploaded"
         flash[:warning] = t ".traces_waiting", :count => current_user.traces.where(:inserted => false).count if current_user.traces.where(:inserted => false).count > 4
 
         flash[:notice] = t ".trace_uploaded"
         flash[:warning] = t ".traces_waiting", :count => current_user.traces.where(:inserted => false).count if current_user.traces.where(:inserted => false).count > 4
 
-        TraceImporterJob.perform_later(@trace)
+        @trace.schedule_import
         redirect_to :action => :index, :display_name => current_user.display_name
       else
         redirect_to :action => :index, :display_name => current_user.display_name
       else
-        flash[:error] = t("traces.create.upload_failed") if @trace.valid?
+        flash[:error] = t(".upload_failed") if @trace.valid?
 
         render :action => "new"
       end
 
         render :action => "new"
       end
@@ -127,48 +132,10 @@ class TracesController < ApplicationController
     end
   end
 
     end
   end
 
-  def data
-    trace = Trace.find(params[:id])
-
-    if trace.visible? && (trace.public? || (current_user && current_user == trace.user))
-      if Acl.no_trace_download(request.remote_ip)
-        head :forbidden
-      elsif request.format == Mime[:xml]
-        send_data(trace.xml_file.read, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
-      elsif request.format == Mime[:gpx]
-        send_data(trace.xml_file.read, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
-      elsif trace.file.attached?
-        redirect_to rails_blob_path(trace.file, :disposition => "attachment")
-      else
-        send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => "attachment")
-      end
-    else
-      head :not_found
-    end
-  rescue ActiveRecord::RecordNotFound
-    head :not_found
-  end
-
-  def edit
-    @trace = Trace.find(params[:id])
-
-    if !@trace.visible?
-      head :not_found
-    elsif current_user.nil? || @trace.user != current_user
-      head :forbidden
-    else
-      @title = t ".title", :name => @trace.name
-    end
-  rescue ActiveRecord::RecordNotFound
-    head :not_found
-  end
-
   def update
   def update
-    @trace = Trace.find(params[:id])
+    @trace = Trace.visible.find(params[:id])
 
 
-    if !@trace.visible?
-      head :not_found
-    elsif current_user.nil? || @trace.user != current_user
+    if current_user.nil? || @trace.user != current_user
       head :forbidden
     elsif @trace.update(trace_params)
       flash[:notice] = t ".updated"
       head :forbidden
     elsif @trace.update(trace_params)
       flash[:notice] = t ".updated"
@@ -182,47 +149,39 @@ class TracesController < ApplicationController
   end
 
   def destroy
   end
 
   def destroy
-    trace = Trace.find(params[:id])
+    trace = Trace.visible.find(params[:id])
 
 
-    if !trace.visible?
-      head :not_found
-    elsif current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
+    if current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
       head :forbidden
     else
       trace.visible = false
       trace.save
       flash[:notice] = t ".scheduled_for_deletion"
       head :forbidden
     else
       trace.visible = false
       trace.save
       flash[:notice] = t ".scheduled_for_deletion"
-      TraceDestroyerJob.perform_later(trace)
+      trace.schedule_destruction
       redirect_to :action => :index, :display_name => trace.user.display_name
     end
   rescue ActiveRecord::RecordNotFound
     head :not_found
   end
 
       redirect_to :action => :index, :display_name => trace.user.display_name
     end
   rescue ActiveRecord::RecordNotFound
     head :not_found
   end
 
-  def georss
-    @traces = Trace.visible_to_all.visible
-
-    @traces = @traces.joins(:user).where(:users => { :display_name => params[:display_name] }) if params[:display_name]
-
-    @traces = @traces.tagged(params[:tag]) if params[:tag]
-    @traces = @traces.order("timestamp DESC")
-    @traces = @traces.limit(20)
-    @traces = @traces.includes(:user)
+  def mine
+    redirect_to :action => :index, :display_name => current_user.display_name
   end
 
   end
 
-  def picture
-    trace = Trace.find(params[:id])
-
-    if trace.visible? && trace.inserted?
-      if trace.public? || (current_user && current_user == trace.user)
-        if trace.icon.attached?
-          redirect_to rails_blob_path(trace.image, :disposition => "inline")
-        else
-          expires_in 7.days, :private => !trace.public?, :public => trace.public?
-          send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => "image/gif", :disposition => "inline")
-        end
-      else
+  def data
+    trace = Trace.visible.find(params[:id])
+
+    if trace.public? || (current_user && current_user == trace.user)
+      if Acl.no_trace_download(request.remote_ip)
         head :forbidden
         head :forbidden
+      elsif request.format == Mime[:xml]
+        send_data(trace.xml_file.read, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
+      elsif request.format == Mime[:gpx]
+        send_data(trace.xml_file.read, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
+      elsif trace.file.attached?
+        redirect_to rails_blob_path(trace.file, :disposition => "attachment")
+      else
+        send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => "attachment")
       end
     else
       head :not_found
       end
     else
       head :not_found
@@ -231,25 +190,15 @@ class TracesController < ApplicationController
     head :not_found
   end
 
     head :not_found
   end
 
-  def icon
-    trace = Trace.find(params[:id])
-
-    if trace.visible? && trace.inserted?
-      if trace.public? || (current_user && current_user == trace.user)
-        if trace.icon.attached?
-          redirect_to rails_blob_path(trace.icon, :disposition => "inline")
-        else
-          expires_in 7.days, :private => !trace.public?, :public => trace.public?
-          send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => "image/gif", :disposition => "inline")
-        end
-      else
-        head :forbidden
-      end
-    else
-      head :not_found
-    end
-  rescue ActiveRecord::RecordNotFound
-    head :not_found
+  def georss
+    @traces = Trace.visible_to_all.visible
+
+    @traces = @traces.joins(:user).where(:users => { :display_name => params[:display_name] }) if params[:display_name]
+
+    @traces = @traces.tagged(params[:tag]) if params[:tag]
+    @traces = @traces.order("timestamp DESC")
+    @traces = @traces.limit(20)
+    @traces = @traces.includes(:user)
   end
 
   private
   end
 
   private
@@ -273,7 +222,7 @@ class TracesController < ApplicationController
     # Save the trace object
     if trace.save
       # Finally save the user's preferred privacy level
     # Save the trace object
     if trace.save
       # Finally save the user's preferred privacy level
-      if pref = current_user.preferences.where(:k => "gps.trace.visibility").first
+      if pref = current_user.preferences.find_by(:k => "gps.trace.visibility")
         pref.v = visibility
         pref.save
       else
         pref.v = visibility
         pref.save
       else
@@ -293,11 +242,11 @@ class TracesController < ApplicationController
   end
 
   def default_visibility
   end
 
   def default_visibility
-    visibility = current_user.preferences.where(:k => "gps.trace.visibility").first
+    visibility = current_user.preferences.find_by(:k => "gps.trace.visibility")
 
     if visibility
       visibility.v
 
     if visibility
       visibility.v
-    elsif current_user.preferences.where(:k => "gps.trace.public", :v => "default").first.nil?
+    elsif current_user.preferences.find_by(:k => "gps.trace.public", :v => "default").nil?
       "private"
     else
       "public"
       "private"
     else
       "public"
The OpenStreetMap web site