Don't expose lat/lon of private traces
authorJohn Firebaugh <john.firebaugh@gmail.com>
Fri, 21 Sep 2012 22:20:15 +0000 (15:20 -0700)
committerJohn Firebaugh <john.firebaugh@gmail.com>
Fri, 21 Sep 2012 22:29:02 +0000 (15:29 -0700)
app/controllers/site_controller.rb

index 72fe3b241a374e4c514fdd5ce3b76ccd46254245..606143f4f9ceaaa48fe79c40a1d6def05216f0a9 100644 (file)
@@ -51,7 +51,7 @@ class SiteController < ApplicationController
       @lat = bbox.centre_lat
       @lon = bbox.centre_lon
     elsif params[:gpx]
-      trace = Trace.find(params[:gpx])
+      trace = Trace.visible_to(@user).find(params[:gpx])
       @lat = trace.latitude
       @lon = trace.longitude
     end