X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/08b71b48e12ed1d34e8a807d913dbf9714635fc6..97aefa23d0606edaee71d04cf6c1a2006689b1fa:/app/controllers/trace_controller.rb diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 66583459b..0467e66ba 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -1,7 +1,10 @@ class TraceController < ApplicationController + layout 'site' + before_filter :authorize_web before_filter :authorize, :only => [:api_details, :api_data, :api_create] - layout 'site' + before_filter :check_database_availability, :except => [:api_details, :api_data, :api_create] + before_filter :check_read_availability, :only => [:api_details, :api_data, :api_create] # Counts and selects pages of GPX traces for various criteria (by user, tags, public etc.). # target_user - if set, specifies the user to fetch traces for. if not set will fetch all traces @@ -48,6 +51,8 @@ class TraceController < ApplicationController conditions << @tag end + conditions[0] += " AND gpx_files.visible = 1" + @trace_pages, @traces = paginate(:traces, :include => [:user, :tags], :conditions => conditions, @@ -81,48 +86,113 @@ class TraceController < ApplicationController def view @trace = Trace.find(params[:id]) - @title = "Viewing trace #{@trace.name}" - unless @trace.public - if @user - render :nothing, :status => :forbidden if @trace.user.id != @user.id - end + + if @trace and @trace.visible? and + (@trace.public? or @trace.user.id == @user.id) + @title = "Viewing trace #{@trace.name}" + else + flash[:notice] = "Trace not found!" + redirect_to :controller => 'trace', :action => 'list' end rescue ActiveRecord::RecordNotFound - render :nothing => true, :status => :not_found + flash[:notice] = "Trace not found!" + redirect_to :controller => 'trace', :action => 'list' end def create - name = params[:trace][:gpx_file].original_filename.gsub(/[^a-zA-Z0-9.]/, '_') # This makes sure filenames are sane + logger.info(params[:trace][:gpx_file].class.name) + if params[:trace][:gpx_file].respond_to?(:read) + do_create(params[:trace][:gpx_file], params[:trace][:tagstring], + params[:trace][:description], params[:trace][:public]) - do_create(name, params[:trace][:tagstring], params[:trace][:description], params[:trace][:public]) do |f| - f.write(params[:trace][:gpx_file].read) - end - - if @trace.id - logger.info("id is #{@trace.id}") - flash[:notice] = "Your GPX file has been uploaded and is awaiting insertion in to the database. This will usually happen within half an hour, and an email will be sent to you on completion." + if @trace.id + logger.info("id is #{@trace.id}") + flash[:notice] = "Your GPX file has been uploaded and is awaiting insertion in to the database. This will usually happen within half an hour, and an email will be sent to you on completion." - redirect_to :action => 'mine' + redirect_to :action => 'mine' + end + else + @trace = Trace.new({:name => "Dummy", + :tagstring => params[:trace][:tagstring], + :description => params[:trace][:description], + :public => params[:trace][:public], + :inserted => false, :user => @user, + :timestamp => Time.now}) + @trace.valid? + @trace.errors.add(:gpx_file, "can't be blank") end end def data trace = Trace.find(params[:id]) - if trace and (trace.public? or (@user and @user == trace.user)) - send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') + + if trace.visible? and (trace.public? or (@user and @user == trace.user)) + if request.format == Mime::XML + send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => Mime::XML.to_s, :disposition => 'attachment') + else + send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') + end else render :nothing, :status => :not_found end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found + end + + def edit + @trace = Trace.find(params[:id]) + + if @user and @trace.user == @user + if params[:trace] + @trace.description = params[:trace][:description] + @trace.tagstring = params[:trace][:tagstring] + if @trace.save + redirect_to :action => 'view' + end + end + else + render :nothing, :status => :forbidden + end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found + end + + def delete + trace = Trace.find(params[:id]) + + if @user and trace.user == @user + if request.post? and trace.visible? + trace.visible = false + trace.save + flash[:notice] = 'Track scheduled for deletion' + redirect_to :controller => 'traces', :action => 'mine' + else + render :nothing, :status => :bad_request + end + else + render :nothing, :status => :forbidden + end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def make_public trace = Trace.find(params[:id]) - if @user and trace.user == @user and !trace.public - trace.public = true - trace.save - flash[:notice] = 'Track made public' - redirect_to :controller => 'trace', :action => 'view', :id => params[:id] + + if @user and trace.user == @user + if request.post? and !trace.public? + trace.public = true + trace.save + flash[:notice] = 'Track made public' + redirect_to :controller => 'trace', :action => 'view', :id => params[:id] + else + render :nothing, :status => :bad_request + end + else + render :nothing, :status => :forbidden end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def georss @@ -132,7 +202,7 @@ class TraceController < ApplicationController conditions[0] += " AND users.display_name = ?" conditions << params[:display_name] end - + if params[:tag] conditions[0] += " AND EXISTS (SELECT * FROM gpx_file_tags AS gft WHERE gft.gpx_id = gpx_files.id AND gft.tag = ?)" conditions << params[:tag] @@ -151,75 +221,84 @@ class TraceController < ApplicationController end def picture - begin - trace = Trace.find(params[:id]) + trace = Trace.find(params[:id]) + if trace.inserted? if trace.public? or (@user and @user == trace.user) send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline') else render :nothing, :status => :forbidden end - rescue ActiveRecord::RecordNotFound + else render :nothing => true, :status => :not_found - rescue - render :nothing => true, :status => :internal_server_error end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def icon - begin - trace = Trace.find(params[:id]) + trace = Trace.find(params[:id]) + if trace.inserted? if trace.public? or (@user and @user == trace.user) send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline') else render :nothing, :status => :forbidden end - rescue ActiveRecord::RecordNotFound + else render :nothing => true, :status => :not_found - rescue - render :nothing => true, :status => :internal_server_error end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def api_details - begin - trace = Trace.find(params[:id]) + trace = Trace.find(params[:id]) - if trace.public? or trace.user == @user - render :text => trace.to_xml.to_s, :content_type => "text/xml" - else - render :nothing => true, :status => :forbidden - end - rescue ActiveRecord::RecordNotFound - render :nothing => true, :status => :not_found - rescue - render :nothing => true, :status => :internal_server_error + if trace.public? or trace.user == @user + render :text => trace.to_xml.to_s, :content_type => "text/xml" + else + render :nothing => true, :status => :forbidden end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def api_data - render :action => 'data' + trace = Trace.find(params[:id]) + + if trace.public? or trace.user == @user + send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') + else + render :nothing => true, :status => :forbidden + end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def api_create - do_create(params[:filename], params[:tags], params[:description], true) do |f| - f.write(request.raw_post) - end + if request.post? + do_create(params[:file], params[:tags], params[:description], params[:public]) - if @trace.id - render :nothing => true + if @trace.id + render :text => @trace.id.to_s, :content_type => "text/plain" + elsif @trace.valid? + render :nothing => true, :status => :internal_server_error + else + render :nothing => true, :status => :bad_request + end else - render :nothing => true, :status => :internal_server_error + render :nothing => true, :status => :method_not_allowed end end private - def do_create(name, tags, description, public) + def do_create(file, tags, description, public) + name = file.original_filename.gsub(/[^a-zA-Z0-9.]/, '_') filename = "/tmp/#{rand}" - File.open(filename, "w") { |f| yield f } + File.open(filename, "w") { |f| f.write(file.read) } @trace = Trace.new({:name => name, :tagstring => tags, :description => description, :public => public}) @@ -228,7 +307,7 @@ private @trace.timestamp = Time.now if @trace.save - File.rename(filename, @trace.trace_name) + FileUtils.mv(filename, @trace.trace_name) else FileUtils.rm_f(filename) end