Merge remote-tracking branch 'upstream/pull/4628'

diff --git a/app/controllers/traces/icons_controller.rb b/app/controllers/traces/icons_controller.rb
index a581796548422f10464c1737741d5441d04c1108..ec67a6bb1336585735388d96709d69653c248b77 100644 (file)
--- a/app/controllers/traces/icons_controller.rb
+++ b/app/controllers/traces/icons_controller.rb
@@ -6,9 +6,9 @@ module Traces
     authorize_resource :trace
 
     def show
-      trace = Trace.find(params[:trace_id])
+      trace = Trace.visible.find(params[:trace_id])
 
-      if trace.visible? && trace.inserted?
+      if trace.inserted?
         if trace.public? || (current_user && current_user == trace.user)
           if trace.icon.attached?
             redirect_to rails_blob_path(trace.icon, :disposition => "inline")

diff --git a/app/controllers/traces/pictures_controller.rb b/app/controllers/traces/pictures_controller.rb
index aeac7df868aae3bbaa7419db45720b4070a3ce18..0e0d588cb7410a8c781d41380f0fa316fc039fbb 100644 (file)
--- a/app/controllers/traces/pictures_controller.rb
+++ b/app/controllers/traces/pictures_controller.rb
@@ -6,9 +6,9 @@ module Traces
     authorize_resource :trace
 
     def show
-      trace = Trace.find(params[:trace_id])
+      trace = Trace.visible.find(params[:trace_id])
 
-      if trace.visible? && trace.inserted?
+      if trace.inserted?
         if trace.public? || (current_user && current_user == trace.user)
           if trace.icon.attached?
             redirect_to rails_blob_path(trace.image, :disposition => "inline")

diff --git a/app/controllers/traces_controller.rb b/app/controllers/traces_controller.rb
index f717d6943464dfcbc02bdcab2bd9efb79a3e4927..5bee44886716448fbcd715dc893c981341b5984b 100644 (file)
--- a/app/controllers/traces_controller.rb
+++ b/app/controllers/traces_controller.rb
@@ -68,10 +68,9 @@ class TracesController < ApplicationController
   end
 
   def show
-    @trace = Trace.find(params[:id])
+    @trace = Trace.visible.find(params[:id])
 
-    if @trace&.visible? &&
-       (@trace&.public? || @trace&.user == current_user)
+    if @trace.public? || @trace.user == current_user
       @title = t ".title", :name => @trace.name
     else
       flash[:error] = t ".trace_not_found"
@@ -88,11 +87,9 @@ class TracesController < ApplicationController
   end
 
   def edit
-    @trace = Trace.find(params[:id])
+    @trace = Trace.visible.find(params[:id])
 
-    if !@trace.visible?
-      head :not_found
-    elsif current_user.nil? || @trace.user != current_user
+    if current_user.nil? || @trace.user != current_user
       head :forbidden
     else
       @title = t ".title", :name => @trace.name
@@ -136,11 +133,9 @@ class TracesController < ApplicationController
   end
 
   def update
-    @trace = Trace.find(params[:id])
+    @trace = Trace.visible.find(params[:id])
 
-    if !@trace.visible?
-      head :not_found
-    elsif current_user.nil? || @trace.user != current_user
+    if current_user.nil? || @trace.user != current_user
       head :forbidden
     elsif @trace.update(trace_params)
       flash[:notice] = t ".updated"
@@ -154,11 +149,9 @@ class TracesController < ApplicationController
   end
 
   def destroy
-    trace = Trace.find(params[:id])
+    trace = Trace.visible.find(params[:id])
 
-    if !trace.visible?
-      head :not_found
-    elsif current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
+    if current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
       head :forbidden
     else
       trace.visible = false
@@ -176,9 +169,9 @@ class TracesController < ApplicationController
   end
 
   def data
-    trace = Trace.find(params[:id])
+    trace = Trace.visible.find(params[:id])
 
-    if trace.visible? && (trace.public? || (current_user && current_user == trace.user))
+    if trace.public? || (current_user && current_user == trace.user)
       if Acl.no_trace_download(request.remote_ip)
         head :forbidden
       elsif request.format == Mime[:xml]