Add an ACL check to allow trace downloads to be blocked

author Tom Hughes <tom@compton.nu>

Tue, 17 Jan 2012 17:43:32 +0000 (17:43 +0000)

committer Tom Hughes <tom@compton.nu>

Tue, 17 Jan 2012 17:43:32 +0000 (17:43 +0000)
author Tom Hughes <tom@compton.nu>
Tue, 17 Jan 2012 17:43:32 +0000 (17:43 +0000)
committer Tom Hughes <tom@compton.nu>
Tue, 17 Jan 2012 17:43:32 +0000 (17:43 +0000)
diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb

index cdfa5e3cbe76f60b460fb1e8843225b6a00a101d..f206bb99f498ea5f1fc1598651d17364a9971f92 100644 (file)
--- a/app/controllers/trace_controller.rb
+++ b/app/controllers/trace_controller.rb
@@ -163,7 +163,9 @@ class TraceController < ApplicationController
      trace = Trace.find(params[:id])
  
      if trace.visible? and (trace.public? or (@user and @user == trace.user))
-      if request.format == Mime::XML
+      if Acl.address(request.remote_ip).where(:k => "no_trace_download").exists?
+        render :nothing => true, :status => :forbidden
+      elsif request.format == Mime::XML
          send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => Mime::XML.to_s, :disposition => 'attachment')
        else
          send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment')
author	Tom Hughes <tom@compton.nu>
	Tue, 17 Jan 2012 17:43:32 +0000 (17:43 +0000)
committer	Tom Hughes <tom@compton.nu>
	Tue, 17 Jan 2012 17:43:32 +0000 (17:43 +0000)