From: Tom Hughes <tom@compton.nu>
Date: Tue, 17 Jan 2012 17:43:32 +0000 (+0000)
Subject: Add an ACL check to allow trace downloads to be blocked
X-Git-Tag: live~5895
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/8ba74c581dff4c66cbe07f94f4283298bb46f22c?hp=0465fda75a244123ae35e6ca34f9e1fff4232efa

Add an ACL check to allow trace downloads to be blocked
---

diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb
index cdfa5e3cb..f206bb99f 100644
--- a/app/controllers/trace_controller.rb
+++ b/app/controllers/trace_controller.rb
@@ -163,7 +163,9 @@ class TraceController < ApplicationController
     trace = Trace.find(params[:id])
 
     if trace.visible? and (trace.public? or (@user and @user == trace.user))
-      if request.format == Mime::XML
+      if Acl.address(request.remote_ip).where(:k => "no_trace_download").exists?
+        render :nothing => true, :status => :forbidden
+      elsif request.format == Mime::XML
         send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => Mime::XML.to_s, :disposition => 'attachment')
       else
         send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment')