Add an ACL check to allow trace downloads to be blocked
authorTom Hughes <tom@compton.nu>
Tue, 17 Jan 2012 17:43:32 +0000 (17:43 +0000)
committerTom Hughes <tom@compton.nu>
Tue, 17 Jan 2012 17:43:32 +0000 (17:43 +0000)
app/controllers/trace_controller.rb

index cdfa5e3cbe76f60b460fb1e8843225b6a00a101d..f206bb99f498ea5f1fc1598651d17364a9971f92 100644 (file)
@@ -163,7 +163,9 @@ class TraceController < ApplicationController
     trace = Trace.find(params[:id])
 
     if trace.visible? and (trace.public? or (@user and @user == trace.user))
-      if request.format == Mime::XML
+      if Acl.address(request.remote_ip).where(:k => "no_trace_download").exists?
+        render :nothing => true, :status => :forbidden
+      elsif request.format == Mime::XML
         send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => Mime::XML.to_s, :disposition => 'attachment')
       else
         send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment')