before_filter :authorize_web
before_filter :set_locale
- before_filter :require_user, :only => [:mine, :create, :edit, :delete, :make_public]
+ before_filter :require_user, :only => [:mine, :create, :edit, :delete]
before_filter :authorize, :only => [:api_details, :api_data, :api_create]
before_filter :check_database_readable, :except => [:api_details, :api_data, :api_create]
- before_filter :check_database_writable, :only => [:create, :edit, :delete, :make_public]
+ before_filter :check_database_writable, :only => [:create, :edit, :delete]
before_filter :check_api_readable, :only => [:api_details, :api_data]
before_filter :check_api_writable, :only => [:api_create]
+ before_filter :require_allow_read_gpx, :only => [:api_details, :api_data]
+ before_filter :require_allow_write_gpx, :only => [:api_create]
# Counts and selects pages of GPX traces for various criteria (by user, tags, public etc.).
# target_user - if set, specifies the user to fetch traces for. if not set will fetch all traces
# 4 - user's traces, not logged in as that user = all user's public traces
if target_user.nil? # all traces
if @user
- conditions = ["(gpx_files.public = ? OR gpx_files.user_id = ?)", true, @user.id] #1
+ conditions = ["(gpx_files.visibility <> 'private' OR gpx_files.user_id = ?)", @user.id] #1
else
- conditions = ["gpx_files.public = ?", true] #2
+ conditions = ["gpx_files.visibility <> 'private'"] #2
end
else
if @user and @user == target_user
conditions = ["gpx_files.user_id = ?", @user.id] #3 (check vs user id, so no join + can't pick up non-public traces by changing name)
else
- conditions = ["gpx_files.public = ? AND gpx_files.user_id = ?", true, target_user.id] #4
+ conditions = ["gpx_files.public <> 'private' AND gpx_files.user_id = ?", target_user.id] #4
end
end
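Review bot: Condition #4 filters on `gpx_files.public <> 'private'`, while every other branch in this change uses the new `gpx_files.visibility` column, so the query for another user's traces compares the old column with a visibility string and will either error or not filter on visibility. It should read `["gpx_files.visibility <> 'private' AND gpx_files.user_id = ?", target_user.id]`. Separately, `<> 'private'` in #1, #2 and #4 (and in the georss hunk further down) also matches `trackable`, which the locale strings added in this commit describe as shared only as anonymous points, so those traces would be listed under the owner's name. `gpx_files.visibility IN ('public', 'identifiable')` states the listing rule directly. The enclosing list method starts and ends outside this hunk.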
def mine
# Load the preference of whether the user set the trace public the last time
@trace = Trace.new
- if @user.preferences.find(:first, :conditions => {:k => "gps.trace.public", :v => "default"}).nil?
- @trace.public = false
+ visibility = @user.preferences.find(:first, :conditions => {:k => "gps.trace.visibility"})
+ if visibility
+ @trace.visibility = visibility.v
+ elsif @user.preferences.find(:first, :conditions => {:k => "gps.trace.public", :v => "default"}).nil?
+ @trace.visibility = "private"
else
- @trace.public = true
+ @trace.visibility = "public"
end
list(@user, "mine")
end
logger.info(params[:trace][:gpx_file].class.name)
if params[:trace][:gpx_file].respond_to?(:read)
do_create(params[:trace][:gpx_file], params[:trace][:tagstring],
- params[:trace][:description], params[:trace][:public])
+ params[:trace][:description], params[:trace][:visibility])
if @trace.id
logger.info("id is #{@trace.id}")
@trace = Trace.new({:name => "Dummy",
:tagstring => params[:trace][:tagstring],
:description => params[:trace][:description],
- :public => params[:trace][:public],
+ :visibility => params[:trace][:visibility],
:inserted => false, :user => @user,
:timestamp => Time.now.getutc})
@trace.valid?
if params[:trace]
@trace.description = params[:trace][:description]
@trace.tagstring = params[:trace][:tagstring]
+ @trace.visibility = params[:trace][:visibility]
if @trace.save
redirect_to :action => 'view'
end
render :nothing => true, :status => :not_found
end
- def make_public
- trace = Trace.find(params[:id])
-
- if @user and trace.user == @user
- if request.post? and !trace.public?
- trace.public = true
- trace.save
- flash[:notice] = t 'trace.make_public.made_public'
- redirect_to :controller => 'trace', :action => 'view', :id => params[:id]
- else
- render :nothing => true, :status => :bad_request
- end
- else
- render :nothing => true, :status => :forbidden
- end
- rescue ActiveRecord::RecordNotFound
- render :nothing => true, :status => :not_found
- end
-
def georss
- conditions = ["gpx_files.public = ?", true]
+ conditions = ["gpx_files.visibility <> 'private'"]
if params[:display_name]
conditions[0] += " AND users.display_name = ?"
if trace.inserted?
if trace.public? or (@user and @user == trace.user)
- expires_in 7.days, :private => !trace.public, :public => trace.public
+ expires_in 7.days, :private => !trace.public?, :public => trace.public?
send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline')
else
render :nothing => true, :status => :forbidden
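Review bot: `expires_in 7.days, :private => !trace.public?, :public => trace.public?` lets shared caches hold a public trace's picture for a week. That was harmless while making a trace public was permanent, but this commit makes visibility editable, so a trace switched back to private can still be served from a cache until the entry expires. Consider `expires_in 7.days, :private => true, :public => false` for these images, or a much shorter lifetime when the trace is public; the icon hunk below has the same line. The definition of `public?` is not in this diff, so it is worth confirming that it returns true for `identifiable` as well as `public`, and false for `trackable`. Both action bodies continue outside their hunks.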
if trace.inserted?
if trace.public? or (@user and @user == trace.user)
- expires_in 7.days, :private => !trace.public, :public => trace.public
+ expires_in 7.days, :private => !trace.public?, :public => trace.public?
send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline')
else
render :nothing => true, :status => :forbidden
if request.post?
tags = params[:tags] || ""
description = params[:description] || ""
- pub = params[:public] || false
+ visibility = params[:visibility] || false
+
+ if params[:public] && !visibility
+ visibility = "public"
+ end
if params[:file].respond_to?(:read)
- do_create(params[:file], tags, description, pub)
+ do_create(params[:file], tags, description, visibility)
if @trace.id
render :text => @trace.id.to_s, :content_type => "text/plain"
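Review bot: When a client sends neither `visibility` nor `public`, `visibility` stays `false` and is passed to `do_create`, which stores it on the trace and writes it into the `gps.trace.visibility` preference that `mine` later copies onto new traces. The value is also never compared with the four levels this commit defines, so any string in the request reaches the same places; the web `create` and `edit` hunks assign `params[:trace][:visibility]` the same way. After the legacy `public` mapping I would add `visibility = "private" unless %w[private public trackable identifiable].include?(visibility)`, which keeps the old default for clients that omit the parameter and fails closed on unknown input. The Trace model may already validate this, but that is not visible in the diff. The action body continues outside the hunk.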
private
- def do_create(file, tags, description, public)
+ def do_create(file, tags, description, visibility)
# Sanitise the user's filename
name = file.original_filename.gsub(/[^a-zA-Z0-9.]/, '_')
:name => name,
:tagstring => tags,
:description => description,
- :public => public,
+ :visibility => visibility,
:inserted => true,
:user => @user,
:timestamp => Time.now.getutc
FileUtils.rm_f(filename)
end
- # Finally save whether the user marked the trace as being public
- if @trace.public?
- if @user.trace_public_default.nil?
- @user.preferences.create(:k => "gps.trace.public", :v => "default")
- end
+ # Finally save the user's preferred previacy level
+ if pref = @user.preferences.find(:first, :conditions => {:k => "gps.trace.visibility"})
+ pref.v = visibility
+ pref.save
else
- pref = @user.trace_public_default
- pref.destroy unless pref.nil?
+ @user.preferences.create(:k => "gps.trace.visibility", :v => visibility)
end
end
has_many :preferences, :class_name => "UserPreference"
has_many :changesets
+ has_many :client_applications
+ has_many :oauth_tokens, :class_name => "OauthToken", :order => "authorized_at desc", :include => [:client_application]
+
validates_presence_of :email, :display_name
validates_confirmation_of :email#, :message => ' addresses must match'
validates_confirmation_of :pass_crypt#, :message => ' must match the confirmation password'
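Review bot: The new `has_many :client_applications` and `has_many :oauth_tokens` associations carry no `:dependent` option, and nothing in this diff invalidates a user's tokens when the account is deactivated. `User#delete`, partly visible in the next hunk, sets `active = false` and renames the user; if it does not also revoke tokens, an application authorised earlier may keep working for a deleted account, depending on whether token lookup checks `active` (not visible here). A short comment above the associations stating where tokens are invalidated on account deletion would settle this for the next reader, or `delete` could set `invalidated_at` on each of the user's tokens.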
return false
end
- def trace_public_default
- return self.preferences.find(:first, :conditions => {:k => "gps.trace.public", :v => "default"})
- end
-
def delete
self.active = false
self.display_name = "user_#{self.id}"
download: "Download {{changeset_xml_link}} or {{osmchange_xml_link}}"
changesetxml: "Changeset XML"
osmchangexml: "osmChange XML"
+ feed:
+ title: "Changeset {{id}}"
+ title_comment: "Changeset {{id}} - {{comment}}"
changeset_navigation:
user:
name_tooltip: "View edits by {{user}}"
edit_link: Edit this entry
diary_comment:
comment_from: "Comment from {{link_user}} at {{comment_created_at}}"
+ feed:
+ user:
+ title: "OpenStreetMap diary entries for {{user}}"
+ description: "Recent OpenStreetmap diary entries from {{user}}"
+ language:
+ title: "OpenStreetMap diary entries in {{language_name}}"
+ description: "Recent diary entries from users of OpenStreetMap in {{language_name}}"
+ all:
+ title: "OpenStreetMap diary entries"
+ description: "Recent diary entries from users of OpenStreetMap"
export:
start:
area_to_export: "Area to Export"
destination: "Destination access"
construction: "Roads under construction"
trace:
+ visibility:
+ private: "Private (only shared as anonymous, unordered points)"
+ public: "Public (shown in trace list and as anonymous, unordered points)"
+ trackable: "Trackable (only shared as anonymous, ordered points with timestamps)"
+ identifiable: "Identifiable (shown in trace list and as identifiable, ordered points with timestamps)"
create:
upload_trace: "Upload GPS Trace"
trace_uploaded: "Your GPX file has been uploaded and is awaiting insertion in to the database. This will usually happen within half an hour, and an email will be sent to you on completion."
tags: "Tags:"
tags_help: "comma delimited"
save_button: "Save Changes"
+ visibility: "Visibility:"
+ visibility_help: "what does this mean?"
+ visibility_help_url: "http://wiki.openstreetmap.org/wiki/Visibility_of_GPS_traces"
no_such_user:
title: "No such user"
heading: "The user {{user}} does not exist"
description: "Description"
tags: "Tags"
tags_help: "comma delimited"
- public: "Public?"
- public_help: "what does this mean?"
- public_help_url: "http://wiki.openstreetmap.org/wiki/Visibility_of_GPS_traces"
+ visibility: "Visibility"
+ visibility_help: "what does this mean?"
+ visibility_help_url: "http://wiki.openstreetmap.org/wiki/Visibility_of_GPS_traces"
upload_button: "Upload"
help: "Help"
help_url: "http://wiki.openstreetmap.org/wiki/Upload"
description: "Description:"
tags: "Tags:"
none: "None"
- make_public: "Make this track public permanently"
edit_track: "Edit this track"
delete_track: "Delete this track"
trace_not_found: "Trace not found!"
+ visibility: "Visibility:"
trace_paging_nav:
showing: "Showing page"
of: "of"
scheduled_for_deletion: "Track scheduled for deletion"
make_public:
made_public: "Track made public"
+ oauth:
+ client_application:
+ request_access: "The application {{app_name}} is requesting access to your account. Please check whether you would like the application to have the following capabilities. You may choose as many or as few as you like."
+ allow_to: "Allow the client application to:"
+ allow_read_prefs: "read your user preferences."
+ allow_write_prefs: "modify your user preferences."
+ allow_write_diary: "create diary entries, comments and make friends."
+ allow_write_api: "modify the map."
+ allow_read_gpx: "read your private GPS traces."
+ allow_write_gpx: "upload GPS traces."
+ new:
+ title: "Register a new application"
+ submit: "Register"
+ edit:
+ title: "Edit your application"
+ submit: "Edit"
+ show:
+ title: "OAuth details for {{app_name}}"
+ key: "Consumer Key:"
+ secret: "Consumer Secret:"
+ url: "Request Token URL:"
+ access_url: "Access Token URL:"
+ authorize_url: "Authorise URL:"
+ support_notice: "We support hmac-sha1 (recommended) as well as plain text in ssl mode."
+ edit: "Edit Details"
+ requests: "Requesting the following permissions from the user:"
+ allow_read_prefs: "read their user preferences."
+ allow_write_prefs: "modify their user preferences."
+ allow_write_diary: "create diary entries, comments and make friends."
+ allow_write_api: "modify the map."
+ allow_read_gpx: "read their private GPS traces."
+ allow_write_gpx: "upload GPS traces."
+ index:
+ title: "My OAuth Details"
+ my_tokens: "My Authorised Applications"
+ list_tokens: "The following tokens have been issued to applications in your name:"
+ application: "Application Name"
+ issued_at: "Issued At"
+ revoke: "Revoke!"
+ my_apps: "My Client Applications"
+ no_apps: "Do you have an application you would like to register for use with us using the {{oauth}} standard? You must register your web application before it can make OAuth requests to this service."
+ registered_apps: "You have the following client applications registered:"
+ register_new: "Register your application"
+ form:
+ name: "Name"
+ required: "Required"
+ url: "Main Application URL"
+ callback_url: "Callback URL"
+ support_url: "Support URL"
+ requests: "Request the following permissions from the user:"
+ allow_read_prefs: "read their user preferences."
+ allow_write_prefs: "modify their user preferences."
+ allow_write_diary: "create diary entries, comments and make friends."
+ allow_write_api: "modify the map."
+ allow_read_gpx: "read their private GPS traces."
+ allow_write_gpx: "upload GPS traces."
+ not_found: "Sorry, that {{type}} could not be found."
user:
login:
title: "Login"
nearby users: "Nearby users: "
no nearby users: "There are no users who admit to mapping nearby yet."
change your settings: change your settings
+ my_oauth_details: "View my OAuth details"
friend_map:
your location: Your location
nearby mapper: "Nearby mapper: "
map.connect '/trace/:id/data.:format', :controller => 'trace', :action => 'data'
map.connect '/trace/:id/edit', :controller => 'trace', :action => 'edit'
map.connect '/trace/:id/delete', :controller => 'trace', :action => 'delete'
- map.connect '/trace/:id/make_public', :controller => 'trace', :action => 'make_public'
map.connect '/user/:display_name/traces', :controller => 'trace', :action => 'list'
map.connect '/user/:display_name/traces/page/:page', :controller => 'trace', :action => 'list'
map.connect '/user/:display_name/traces/rss', :controller => 'trace', :action => 'georss'
map.connect '/export/finish', :controller => 'export', :action => 'finish'
# messages
-
map.connect '/user/:display_name/inbox', :controller => 'message', :action => 'inbox'
map.connect '/user/:display_name/outbox', :controller => 'message', :action => 'outbox'
map.connect '/message/new/:display_name', :controller => 'message', :action => 'new'
map.connect '/message/reply/:message_id', :controller => 'message', :action => 'reply'
map.connect '/message/delete/:message_id', :controller => 'message', :action => 'delete'
+ # oauth admin pages (i.e: for setting up new clients, etc...)
+ map.resources :oauth_clients, :path_prefix => '/user/:display_name'
+ map.connect '/oauth/revoke', :controller => 'oauth', :action => 'revoke'
+ map.authorize '/oauth/authorize', :controller => 'oauth', :action => 'oauthorize'
+ map.request_token '/oauth/request_token', :controller => 'oauth', :action => 'request_token'
+ map.access_token '/oauth/access_token', :controller => 'oauth', :action => 'access_token'
+ map.test_request '/oauth/test_request', :controller => 'oauth', :action => 'test_request'
+
# fall through
map.connect ':controller/:id/:action'
map.connect ':controller/:action'
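Review bot: `/oauth/revoke` is registered with a plain `map.connect`, so the route accepts any HTTP verb. Unless the controller checks `request.post?` itself (not visible here), a token revocation can be triggered by a GET, which makes the state change reachable from a cross-site link. Restricting it in the route, `map.connect '/oauth/revoke', :controller => 'oauth', :action => 'revoke', :conditions => { :method => :post }`, keeps it behind a form post. `/oauth/test_request` is also routed unconditionally, and the fall-through `:controller/:action` routes expose every public action of the new controller, so if `test_request` is a diagnostic endpoint, confirm it is meant to be reachable in production.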
--- /dev/null
+class CreateOauthTables < ActiveRecord::Migration
+ def self.up
+ create_table :client_applications do |t|
+ t.string :name
+ t.string :url
+ t.string :support_url
+ t.string :callback_url
+ t.string :key, :limit => 50
+ t.string :secret, :limit => 50
+ t.integer :user_id
+
+ t.timestamps
+ end
+ add_index :client_applications, :key, :unique => true
+
+ create_table :oauth_tokens do |t|
+ t.integer :user_id
+ t.string :type, :limit => 20
+ t.integer :client_application_id
+ t.string :token, :limit => 50
+ t.string :secret, :limit => 50
+ t.timestamp :authorized_at, :invalidated_at
+ t.timestamps
+ end
+
+ add_index :oauth_tokens, :token, :unique => true
+
+ create_table :oauth_nonces do |t|
+ t.string :nonce
+ t.integer :timestamp
+
+ t.timestamps
+ end
+ add_index :oauth_nonces, [:nonce, :timestamp], :unique => true
+
+ end
+
+ def self.down
+ drop_table :client_applications
+ drop_table :oauth_tokens
+ drop_table :oauth_nonces
+ end
+
+end
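Review bot: `key`, `secret` and `token` are created without `:null => false`, and the unique indexes on `client_applications.key` and `oauth_tokens.token` still admit any number of NULL rows on most databases, so the schema would accept an application or token saved without credentials. I would declare them as `t.string :key, :limit => 50, :null => false`, and likewise `secret` and `token`. `oauth_tokens.user_id` probably has to stay nullable if request tokens exist before a user authorises them. `oauth_nonces` has only the composite unique index; if old nonces are pruned by age, an index on `timestamp` alone would help, though that depends on code outside this diff.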
--- /dev/null
+class AddFineOAuthPermissions < ActiveRecord::Migration
+ PERMISSIONS = [:allow_read_prefs, :allow_write_prefs, :allow_write_diary,
+ :allow_write_api, :allow_read_gpx, :allow_write_gpx ]
+
+ def self.up
+ PERMISSIONS.each do |perm|
+ # add fine-grained permissions columns for OAuth tokens, allowing people to
+ # give permissions to parts of the site only.
+ add_column :oauth_tokens, perm, :boolean, :null => false, :default => false
+
+ # add fine-grained permissions columns for client applications, allowing the
+ # client applications to request particular privileges.
+ add_column :client_applications, perm, :boolean, :null => false, :default => false
+ end
+ end
+
+ def self.down
+ PERMISSIONS.each do |perm|
+ remove_column :oauth_tokens, perm
+ remove_column :client_applications, perm
+ end
+ end
+end
--- /dev/null
+require 'lib/migrate'
+
+class AddForeignKeysToOauthTables < ActiveRecord::Migration
+ def self.up
+ add_foreign_key :oauth_tokens, [:user_id], :users, [:id]
+ add_foreign_key :oauth_tokens, [:client_application_id], :client_applications, [:id]
+ add_foreign_key :client_applications, [:user_id], :users, [:id]
+ end
+
+ def self.down
+ remove_foreign_key :oauth_tokens, [:user_id], :users
+ remove_foreign_key :oauth_tokens, [:client_application_id], :client_applications
+ remove_foreign_key :client_applications, [:user_id], :users
+ end
+end