X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/16a641ac2a663ea926566a5cca2575ee295e8555..2c5f6740c74dd754e162bac26db6e9b405234274:/app/controllers/trace_controller.rb diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 7c5bd7db0..899df05df 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -1,7 +1,10 @@ class TraceController < ApplicationController + layout 'site' + before_filter :authorize_web before_filter :authorize, :only => [:api_details, :api_data, :api_create] - layout 'site' + before_filter :check_database_availability, :except => [:api_details, :api_data, :api_create] + before_filter :check_read_availability, :only => [:api_details, :api_data, :api_create] # Counts and selects pages of GPX traces for various criteria (by user, tags, public etc.). # target_user - if set, specifies the user to fetch traces for. if not set will fetch all traces @@ -9,13 +12,13 @@ class TraceController < ApplicationController # from display name, pick up user id if one user's traces only display_name = params[:display_name] if target_user.nil? and !display_name.blank? - target_user = User.find(:first, :conditions => [ "display_name = ?", display_name]) + target_user = User.find(:first, :conditions => [ "visible = 1 and display_name = ?", display_name]) end # set title if target_user.nil? @title = "Public GPS traces" - elsif @user and @user.id == target_user.id + elsif @user and @user == target_user @title = "Your GPS traces" else @title = "Public GPS traces from #{target_user.display_name}" @@ -35,7 +38,7 @@ class TraceController < ApplicationController conditions = ["gpx_files.public = 1"] #2 end else - if @user and @user.id == target_user.id + if @user and @user == target_user conditions = ["gpx_files.user_id = ?", @user.id] #3 (check vs user id, so no join + can't pick up non-public traces by changing name) else conditions = ["gpx_files.public = 1 AND gpx_files.user_id = ?", target_user.id] #4 @@ -83,14 +86,17 @@ class TraceController < ApplicationController def view @trace = Trace.find(params[:id]) - @title = "Viewing trace #{@trace.name}" - if !@trace.visible? - render :nothing => true, :status => :not_found - elsif !@trace.public? and @trace.user.id != @user.id - render :nothing => true, :status => :forbidden + + if @trace and @trace.visible? and + (@trace.public? or @trace.user == @user) + @title = "Viewing trace #{@trace.name}" + else + flash[:notice] = "Trace not found!" + redirect_to :controller => 'trace', :action => 'list' end rescue ActiveRecord::RecordNotFound - render :nothing => true, :status => :not_found + flash[:notice] = "Trace not found!" + redirect_to :controller => 'trace', :action => 'list' end def create @@ -121,7 +127,11 @@ class TraceController < ApplicationController trace = Trace.find(params[:id]) if trace.visible? and (trace.public? or (@user and @user == trace.user)) - send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') + if request.format == Mime::XML + send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => Mime::XML.to_s, :disposition => 'attachment') + else + send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') + end else render :nothing, :status => :not_found end @@ -192,7 +202,7 @@ class TraceController < ApplicationController conditions[0] += " AND users.display_name = ?" conditions << params[:display_name] end - + if params[:tag] conditions[0] += " AND EXISTS (SELECT * FROM gpx_file_tags AS gft WHERE gft.gpx_id = gpx_files.id AND gft.tag = ?)" conditions << params[:tag] @@ -297,7 +307,7 @@ private @trace.timestamp = Time.now if @trace.save - File.rename(filename, @trace.trace_name) + FileUtils.mv(filename, @trace.trace_name) else FileUtils.rm_f(filename) end