X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/5d5f72b927ed38eab852b63d84cfb6538837e8fb..eff9fa3b00379f8306fa25e1ea52504cd75c1161:/app/controllers/trace_controller.rb diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 41ff34303..0c4fc9e58 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -2,6 +2,7 @@ class TraceController < ApplicationController layout 'site' before_filter :authorize_web + before_filter :require_user, :only => [:mine, :edit, :delete, :make_public] before_filter :authorize, :only => [:api_details, :api_data, :api_create] before_filter :check_database_availability, :except => [:api_details, :api_data, :api_create] before_filter :check_read_availability, :only => [:api_details, :api_data, :api_create] @@ -12,7 +13,7 @@ class TraceController < ApplicationController # from display name, pick up user id if one user's traces only display_name = params[:display_name] if target_user.nil? and !display_name.blank? - target_user = User.find(:first, :conditions => [ "display_name = ?", display_name]) + target_user = User.find(:first, :conditions => [ "visible = 1 and display_name = ?", display_name]) end # set title @@ -47,8 +48,9 @@ class TraceController < ApplicationController if params[:tag] @tag = params[:tag] - conditions[0] += " AND EXISTS (SELECT * FROM gpx_file_tags AS gft WHERE gft.gpx_id = gpx_files.id AND gft.tag = ?)" - conditions << @tag + + files = Tracetag.find_all_by_tag(params[:tag]).collect { |tt| tt.gpx_id } + conditions[0] += " AND gpx_files.id IN (#{files.join(',')})" end conditions[0] += " AND gpx_files.visible = 1" @@ -77,11 +79,7 @@ class TraceController < ApplicationController end def mine - if @user - list(@user, "mine") unless @user.nil? - else - redirect_to :controller => 'user', :action => 'login', :referer => request.request_uri - end + list(@user, "mine") end def view @@ -133,7 +131,7 @@ class TraceController < ApplicationController send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment') end else - render :nothing, :status => :not_found + render :nothing => true, :status => :not_found end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found @@ -151,7 +149,7 @@ class TraceController < ApplicationController end end else - render :nothing, :status => :forbidden + render :nothing => true, :status => :forbidden end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found @@ -167,10 +165,10 @@ class TraceController < ApplicationController flash[:notice] = 'Track scheduled for deletion' redirect_to :controller => 'traces', :action => 'mine' else - render :nothing, :status => :bad_request + render :nothing => true, :status => :bad_request end else - render :nothing, :status => :forbidden + render :nothing => true, :status => :forbidden end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found @@ -186,10 +184,10 @@ class TraceController < ApplicationController flash[:notice] = 'Track made public' redirect_to :controller => 'trace', :action => 'view', :id => params[:id] else - render :nothing, :status => :bad_request + render :nothing => true, :status => :bad_request end else - render :nothing, :status => :forbidden + render :nothing => true, :status => :forbidden end rescue ActiveRecord::RecordNotFound render :nothing => true, :status => :not_found @@ -227,7 +225,7 @@ class TraceController < ApplicationController if trace.public? or (@user and @user == trace.user) send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline') else - render :nothing, :status => :forbidden + render :nothing => true, :status => :forbidden end else render :nothing => true, :status => :not_found @@ -243,7 +241,7 @@ class TraceController < ApplicationController if trace.public? or (@user and @user == trace.user) send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline') else - render :nothing, :status => :forbidden + render :nothing => true, :status => :forbidden end else render :nothing => true, :status => :not_found @@ -295,20 +293,37 @@ class TraceController < ApplicationController private def do_create(file, tags, description, public) + # Sanitise the user's filename name = file.original_filename.gsub(/[^a-zA-Z0-9.]/, '_') + + # Get a temporary filename... filename = "/tmp/#{rand}" + # ...and save the uploaded file to that location File.open(filename, "w") { |f| f.write(file.read) } - @trace = Trace.new({:name => name, :tagstring => tags, - :description => description, :public => public}) - @trace.inserted = false - @trace.user = @user - @trace.timestamp = Time.now - + # Create the trace object, falsely marked as already + # inserted to stop the import daemon trying to load it + @trace = Trace.new({ + :name => name, + :tagstring => tags, + :description => description, + :public => public, + :inserted => true, + :user => @user, + :timestamp => Time.now + }) + + # Save the trace object if @trace.save + # Rename the temporary file to the final name FileUtils.mv(filename, @trace.trace_name) + + # Clear the inserted flag to make the import daemon load the trace + @trace.inserted = false + @trace.save! else + # Remove the file as we have failed to update the database FileUtils.rm_f(filename) end end