X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/44051f30d8a65a49a8db020bedefa632a446c666..868ce8d467210564211f6ed68f5f40fdd444ded5:/app/controllers/trace_controller.rb diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 2001fdb2f..3eb7f5c7e 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -48,6 +48,8 @@ class TraceController < ApplicationController conditions << @tag end + conditions[0] += " AND gpx_files.visible = 1" + @trace_pages, @traces = paginate(:traces, :include => [:user, :tags], :conditions => conditions, @@ -82,10 +84,10 @@ class TraceController < ApplicationController def view @trace = Trace.find(params[:id]) @title = "Viewing trace #{@trace.name}" - unless @trace.public - if @user - render :nothing, :status => :forbidden if @trace.user.id != @user.id - end + if !@trace.visible? + render :nothing => true, :status => :not_found + elsif !@trace.public? and @trace.user.id != @user.id + render :nothing => true, :status => :forbidden end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found 
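Review bot: The added clause `conditions[0] += " AND gpx_files.visible = 1"` hard-codes the integer form of a boolean, which ties the listing filter to one database's representation. Binding the value instead, `conditions[0] += " AND gpx_files.visible = ?"` followed by `conditions << true`, leaves the quoting to the adapter and matches the way `@tag` appears to be bound on the context line above. A one-line comment such as `# hide traces that have been scheduled for deletion` would say why the clause is there. The code that builds `conditions` starts outside the hunk, so this assumes its first element is always the SQL string.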
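Review bot: The new branch `elsif !@trace.public? and @trace.user.id != @user.id` in `view` dereferences `@user` without the `if @user` guard the removed code had, so a request with no logged-in user reaches `nil.id` whenever the trace is private. Depending on the Ruby and Rails configuration that is either an exception (a 500 instead of a 403) or a comparison against nil's object id, and neither is a deliberate access decision. The `data` action in the next hunk already uses the nil-safe shape, so this branch could read `elsif !@trace.public? and !(@user and @user == @trace.user)`. Whether a filter outside this hunk guarantees that `@user` is set cannot be seen from here.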
@@ -108,21 +110,70 @@ class TraceController < ApplicationController def data trace = Trace.find(params[:id]) - if trace and (trace.public? or (@user and @user == trace.user)) + + if trace.visible? and (trace.public? or (@user and @user == trace.user)) send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') else render :nothing, :status => :not_found end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found + end + + def edit + @trace = Trace.find(params[:id]) + + if @user and @trace.user == @user + if params[:trace] + @trace.description = params[:trace][:description] + @trace.tagstring = params[:trace][:tagstring] + if @trace.save + redirect_to :action => 'view' + end + end + else + render :nothing, :status => :forbidden + end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found + end + + def delete + trace = Trace.find(params[:id]) + + if @user and trace.user == @user + if request.post? and trace.visible? + trace.visible = false + trace.save + flash[:notice] = 'Track scheduled for deletion' + redirect_to :controller => 'traces', :action => 'mine' + else + render :nothing, :status => :bad_request + end + else + render :nothing, :status => :forbidden + end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def make_public trace = Trace.find(params[:id]) - if @user and trace.user == @user and !trace.public - trace.public = true - trace.save - flash[:notice] = 'Track made public' - redirect_to :controller => 'trace', :action => 'view', :id => params[:id] + + if @user and trace.user == @user + if request.post? and !trace.public? 
+ trace.public = true + trace.save + flash[:notice] = 'Track made public' + redirect_to :controller => 'trace', :action => 'view', :id => params[:id] + else + render :nothing, :status => :bad_request + end + else + render :nothing, :status => :forbidden end + rescue ActiveRecord::RecordNotFound + render :nothing => true, :status => :not_found end def georss @@ -153,10 +204,14 @@ class TraceController < ApplicationController def picture trace = Trace.find(params[:id]) - if trace.public? or (@user and @user == trace.user) - send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline') + if trace.inserted? + if trace.public? or (@user and @user == trace.user) + send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline') + else + render :nothing, :status => :forbidden + end else - render :nothing, :status => :forbidden + render :nothing => true, :status => :not_found end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found @@ -165,10 +220,14 @@ class TraceController < ApplicationController def icon trace = Trace.find(params[:id]) - if trace.public? or (@user and @user == trace.user) - send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline') + if trace.inserted? + if trace.public? or (@user and @user == trace.user) + send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline') + else + render :nothing, :status => :forbidden + end else - render :nothing, :status => :forbidden + render :nothing => true, :status => :not_found end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found 
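Review bot: The new `edit` action saves `description` and `tagstring` whenever `params[:trace]` is present, without the `request.post?` check that `delete` and `make_public` receive in this same hunk, so a GET request carrying those parameters modifies the trace. Requiring POST for the update, `if request.post? and params[:trace]`, keeps state changes off plain links. Neither `edit` nor `make_public` checks `trace.visible?`, so a trace already scheduled for deletion can still be edited or published. Separately, the denial branches added here (and those moved in the `picture` and `icon` hunks) call `render :nothing, :status => ...` while the rescue clauses use `render :nothing => true, :status => ...`; the symbol form is probably not producing the intended empty response and should be made consistent. The return value of `trace.save` is ignored in `delete` and `make_public`, so the flash can report success after a failed save.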
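Review bot: `picture` now checks `trace.inserted?` but not `trace.visible?`, so the image of a public trace that `delete` has marked `visible = false` is still served; the `icon` hunk that follows has the same gap. `view` and `data` both answer 404 for an invisible trace, and the two image actions should match them, for example `if trace.visible? and trace.inserted?`. Whether the image files of a deleted trace stay on disk until a later purge is not visible from this diff, but the extra check costs nothing either way.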
@@ -203,7 +262,7 @@ class TraceController < ApplicationController name = params[:file].original_filename.gsub(/[^a-zA-Z0-9.]/, '_') # This makes sure filenames are sane do_create(name, params[:tags], params[:description], params[:public]) do |f| - f.write(request[:file].read) + f.write(params[:file].read) end if @trace.id
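Review bot: `f.write(params[:file].read)` pulls the whole upload into memory before writing it, and nothing visible in this hunk bounds its size. Copying in chunks, `while chunk = params[:file].read(65536)` / `f.write(chunk)` / `end`, keeps memory use flat for large files; a size limit may be enforced by the web server or elsewhere in the action, which starts and ends outside the hunk. The sanitiser on the context line above keeps `.` characters, so it is worth confirming that `do_create` never uses `name` as a path component.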