X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/08b71b48e12ed1d34e8a807d913dbf9714635fc6..603af36a83421a961afddc1604eabfea97f625ba:/app/controllers/trace_controller.rb diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 66583459b..3b3097755 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -48,6 +48,8 @@ class TraceController < ApplicationController conditions << @tag end + conditions[0] += " AND gpx_files.visible = 1" + @trace_pages, @traces = paginate(:traces, :include => [:user, :tags], :conditions => conditions, @@ -82,10 +84,10 @@ class TraceController < ApplicationController def view @trace = Trace.find(params[:id]) @title = "Viewing trace #{@trace.name}" - unless @trace.public - if @user - render :nothing, :status => :forbidden if @trace.user.id != @user.id - end + if !@trace.visible? + render :nothing => true, :status => :not_found + elsif !@trace.public? and @trace.user.id != @user.id + render :nothing => true, :status => :forbidden end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found 
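Review bot: The new `elsif !@trace.public? and @trace.user.id != @user.id` branch in `view` dereferences `@user` without checking that it is set, whereas `data`, `delete` and `make_public` in this same commit all guard with `@user and ...`. If `view` can be reached without a logged-in user (the filter that sets `@user` is not visible here), the comparison either raises or, on Ruby versions where `nil.id` returns an object id, compares the owner id against an unrelated number, so the private-trace check is not reliable. Suggest `elsif !@trace.public? and (@user.nil? or @trace.user != @user)`. The end of `view` lies outside the hunk.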
@@ -108,21 +110,52 @@ class TraceController < ApplicationController def data trace = Trace.find(params[:id]) - if trace and (trace.public? or (@user and @user == trace.user)) + + if trace.visible? and (trace.public? or (@user and @user == trace.user)) send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') else render :nothing, :status => :not_found end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found + end + + def delete + trace = Trace.find(params[:id]) + + if @user and trace.user == @user + if request.post? and trace.visible? + trace.visible = false + trace.save + flash[:notice] = 'Track scheduled for deletion' + redirect_to :controller => 'traces', :action => 'mine' + else + render :nothing, :status => :bad_request + end + else + render :nothing, :status => :forbidden + end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def make_public trace = Trace.find(params[:id]) - if @user and trace.user == @user and !trace.public - trace.public = true - trace.save - flash[:notice] = 'Track made public' - redirect_to :controller => 'trace', :action => 'view', :id => params[:id] + + if @user and trace.user == @user + if request.post? and !trace.public? + trace.public = true + trace.save + flash[:notice] = 'Track made public' + redirect_to :controller => 'trace', :action => 'view', :id => params[:id] + else + render :nothing, :status => :bad_request + end + else + render :nothing, :status => :forbidden end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def georss 
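Review bot: The deny branches added to `delete` and `make_public` call `render :nothing, :status => :bad_request` and `render :nothing, :status => :forbidden`, passing `:nothing` as a bare symbol, while the rescue clauses in the same methods use `render :nothing => true, :status => ...`. The bare-symbol form is not the empty-body render used elsewhere in this controller, so these branches may raise or answer with something other than the intended status; the unchanged `else` in `data` has the same form. Suggest `render :nothing => true, :status => :forbidden`, and likewise for `:bad_request` and `:not_found`. Separately, the result of `trace.save` is ignored in both actions, so the flash notice reports success even when the save fails.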
@@ -151,66 +184,78 @@ class TraceController < ApplicationController end def picture - begin - trace = Trace.find(params[:id]) + trace = Trace.find(params[:id]) + if trace.inserted? if trace.public? or (@user and @user == trace.user) send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline') else render :nothing, :status => :forbidden end - rescue ActiveRecord::RecordNotFound + else render :nothing => true, :status => :not_found - rescue - render :nothing => true, :status => :internal_server_error end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def icon - begin - trace = Trace.find(params[:id]) + trace = Trace.find(params[:id]) + if trace.inserted? if trace.public? or (@user and @user == trace.user) send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline') else render :nothing, :status => :forbidden end - rescue ActiveRecord::RecordNotFound + else render :nothing => true, :status => :not_found - rescue - render :nothing => true, :status => :internal_server_error end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def api_details - begin - trace = Trace.find(params[:id]) + trace = Trace.find(params[:id]) - if trace.public? or trace.user == @user - render :text => trace.to_xml.to_s, :content_type => "text/xml" - else - render :nothing => true, :status => :forbidden - end - rescue ActiveRecord::RecordNotFound - render :nothing => true, :status => :not_found - rescue - render :nothing => true, :status => :internal_server_error + if trace.public? 
or trace.user == @user + render :text => trace.to_xml.to_s, :content_type => "text/xml" + else + render :nothing => true, :status => :forbidden end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def api_data - render :action => 'data' + trace = Trace.find(params[:id]) + + if trace.public? or trace.user == @user + send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') + else + render :nothing => true, :status => :forbidden + end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def api_create - do_create(params[:filename], params[:tags], params[:description], true) do |f| - f.write(request.raw_post) - end + if request.post? + name = params[:file].original_filename.gsub(/[^a-zA-Z0-9.]/, '_') # This makes sure filenames are sane - if @trace.id - render :nothing => true + do_create(name, params[:tags], params[:description], params[:public]) do |f| + f.write(params[:file].read) + end + + if @trace.id + render :text => @trace.id.to_s, :content_type => "text/plain" + elsif @trace.valid? + render :nothing => true, :status => :internal_server_error + else + render :nothing => true, :status => :bad_request + end else - render :nothing => true, :status => :internal_server_error + render :nothing => true, :status => :method_not_allowed end end
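Review bot: `api_data`, `api_details`, `picture` and `icon` never test `trace.visible?`, so a trace whose owner has deleted it (the new `delete` action only sets `visible` to false and leaves `public` untouched) is still served by these four actions, while `data` now answers not_found for it. For a public trace that means the file, its XML details and its images stay downloadable by anyone after deletion. Suggest `if trace.visible? and (trace.public? or trace.user == @user)` in `api_details` and `api_data`, with `:not_found` for the invisible case, and `if trace.visible? and trace.inserted?` in `picture` and `icon`. In `api_create`, `params[:file].original_filename` is also called before any check that a file part was supplied, so a POST without one ends in an unhandled exception rather than `:bad_request`.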