From: Tom Hughes <tom@compton.nu>
Date: Thu, 16 Apr 2009 21:11:12 +0000 (+0000)
Subject: Merge 14394:14533 from trunk.
X-Git-Tag: live~7601^2~10
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/5449cf4adcc1fad4b9f43426e6d3e4a8f65e6fbb?ds=inline

Merge 14394:14533 from trunk.
---

5449cf4adcc1fad4b9f43426e6d3e4a8f65e6fbb
diff --cc app/controllers/amf_controller.rb
index 1ee5e9cee,7f85280b7..de3c7583b
--- a/app/controllers/amf_controller.rb
+++ b/app/controllers/amf_controller.rb
@@@ -37,11 -28,8 +37,11 @@@ class AmfController < ApplicationContro
  
    include Potlatch
  
 +  # Help methods for checking boundary sanity and area size
 +  include MapBoundary
 +
    session :off
-   before_filter :check_write_availability
+   before_filter :check_api_writable
  
    # Main AMF handlers: process the raw AMF string (using AMF library) and
    # calls each action (private method) accordingly.
diff --cc app/controllers/message_controller.rb
index a04aa82c0,d6e5d7fda..8f866e512
--- a/app/controllers/message_controller.rb
+++ b/app/controllers/message_controller.rb
@@@ -3,19 -3,16 +3,21 @@@ class MessageController < ApplicationCo
  
    before_filter :authorize_web
    before_filter :require_user
+   before_filter :check_database_readable
+   before_filter :check_database_writable, :only => [:new, :reply, :mark]
  
 +  # Allow the user to write a new message to another user. This action also 
 +  # deals with the sending of that message to the other user when the user
 +  # clicks send.
 +  # The user_id param is the id of the user that the message is being sent to.
    def new
      @title = 'send message'
 +    @to_user = User.find(params[:user_id])
      if params[:message]
        @message = Message.new(params[:message])
 -      @message.to_user_id = params[:user_id]
 +      @message.to_user_id = @to_user.id
        @message.from_user_id = @user.id
 -      @message.sent_on = Time.now
 +      @message.sent_on = Time.now.getutc
     
        if @message.save
          flash[:notice] = 'Message sent'
diff --cc app/controllers/trace_controller.rb
index b52be7f34,3942cb7fe..0603567c4
--- a/app/controllers/trace_controller.rb
+++ b/app/controllers/trace_controller.rb
@@@ -1,11 -1,13 +1,13 @@@
  class TraceController < ApplicationController
    layout 'site'
  
 -  before_filter :authorize_web  
 -  before_filter :require_user, :only => [:mine, :edit, :delete, :make_public]
 +  before_filter :authorize_web
 +  before_filter :require_user, :only => [:mine, :create, :edit, :delete, :make_public]
    before_filter :authorize, :only => [:api_details, :api_data, :api_create]
-   before_filter :check_database_availability, :except => [:api_details, :api_data, :api_create]
-   before_filter :check_read_availability, :only => [:api_details, :api_data, :api_create]
+   before_filter :check_database_readable, :except => [:api_details, :api_data, :api_create]
+   before_filter :check_database_writable, :only => [:create, :edit, :delete, :make_public]
+   before_filter :check_api_readable, :only => [:api_details, :api_data]
+   before_filter :check_api_writable, :only => [:api_create]
   
    # Counts and selects pages of GPX traces for various criteria (by user, tags, public etc.).
    #  target_user - if set, specifies the user to fetch traces for.  if not set will fetch all traces