X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/bcd2592ce98dbf6798a9a1c28cf583ff327cabf5..c3c9d047ba9364392199ed903b256e4124b5e65a:/app/controllers/trace_controller.rb diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 9d0e05530..790acce1d 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -166,8 +166,13 @@ class TraceController < ApplicationController def edit @trace = Trace.find(params[:id]) - if @user and @trace.user == @user + if not @trace.visible? + render :text => "", :status => :not_found + elsif @user.nil? or @trace.user != @user + render :text => "", :status => :forbidden + else @title = t 'trace.edit.title', :name => @trace.name + if params[:trace] @trace.description = params[:trace][:description] @trace.tagstring = params[:trace][:tagstring] @@ -176,8 +181,6 @@ class TraceController < ApplicationController redirect_to :action => 'view', :display_name => @user.display_name end end - else - render :text => "", :status => :forbidden end rescue ActiveRecord::RecordNotFound render :text => "", :status => :not_found @@ -186,17 +189,15 @@ class TraceController < ApplicationController def delete trace = Trace.find(params[:id]) - if @user and trace.user == @user - if trace.visible? - trace.visible = false - trace.save - flash[:notice] = t 'trace.delete.scheduled_for_deletion' - redirect_to :action => :list, :display_name => @user.display_name - else - render :text => "", :status => :not_found - end - else + if not trace.visible? + render :text => "", :status => :not_found + elsif @user.nil? or trace.user != @user render :text => "", :status => :forbidden + else + trace.visible = false + trace.save + flash[:notice] = t 'trace.delete.scheduled_for_deletion' + redirect_to :action => :list, :display_name => @user.display_name end rescue ActiveRecord::RecordNotFound render :text => "", :status => :not_found