From: Thomas Wood Date: Fri, 23 Jan 2009 01:19:45 +0000 (+0000) Subject: Require auth on calls to /trace/create, and pass through to form if called without... X-Git-Tag: live~7604^2~74 X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/9bb9de0fbe307304ef4d0ea0dbeaac7972b71cb2?ds=sidebyside Require auth on calls to /trace/create, and pass through to form if called without params. Adjust validations on traces to prevent dual error messages on description (validates_presence_of catches the empty string removed from length validation) More changes to come for api_create References #1510 --- diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 022c304fb..47041b491 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -1,8 +1,8 @@ class TraceController < ApplicationController layout 'site' - before_filter :authorize_web - before_filter :require_user, :only => [:mine, :edit, :delete, :make_public] + before_filter :authorize_web + before_filter :require_user, :only => [:mine, :create, :edit, :delete, :make_public] before_filter :authorize, :only => [:api_details, :api_data, :api_create] before_filter :check_database_availability, :except => [:api_details, :api_data, :api_create] before_filter :check_read_availability, :only => [:api_details, :api_data, :api_create] @@ -99,26 +99,28 @@ class TraceController < ApplicationController end def create - logger.info(params[:trace][:gpx_file].class.name) - if params[:trace][:gpx_file].respond_to?(:read) - do_create(params[:trace][:gpx_file], params[:trace][:tagstring], - params[:trace][:description], params[:trace][:public]) + if params[:trace] + logger.info(params[:trace][:gpx_file].class.name) + if params[:trace][:gpx_file].respond_to?(:read) + do_create(params[:trace][:gpx_file], params[:trace][:tagstring], + params[:trace][:description], params[:trace][:public]) - if @trace.id - logger.info("id is #{@trace.id}") - flash[:notice] = "Your GPX file has been uploaded and is awaiting insertion in to the database. This will usually happen within half an hour, and an email will be sent to you on completion." + if @trace.id + logger.info("id is #{@trace.id}") + flash[:notice] = "Your GPX file has been uploaded and is awaiting insertion in to the database. This will usually happen within half an hour, and an email will be sent to you on completion." - redirect_to :action => 'mine' + redirect_to :action => 'mine' + end + else + @trace = Trace.new({:name => "Dummy", + :tagstring => params[:trace][:tagstring], + :description => params[:trace][:description], + :public => params[:trace][:public], + :inserted => false, :user => @user, + :timestamp => Time.now}) + @trace.valid? + @trace.errors.add(:gpx_file, "can't be blank") end - else - @trace = Trace.new({:name => "Dummy", - :tagstring => params[:trace][:tagstring], - :description => params[:trace][:description], - :public => params[:trace][:public], - :inserted => false, :user => @user, - :timestamp => Time.now}) - @trace.valid? - @trace.errors.add(:gpx_file, "can't be blank") end end diff --git a/app/models/trace.rb b/app/models/trace.rb index 1b44e2187..03dbeb0b3 100644 --- a/app/models/trace.rb +++ b/app/models/trace.rb @@ -3,8 +3,8 @@ class Trace < ActiveRecord::Base validates_presence_of :user_id, :name, :timestamp validates_presence_of :description, :on => :create - validates_length_of :name, :within => 1..255 - validates_length_of :description, :within => 1..255 + validates_length_of :name, :maximum => 255 + validates_length_of :description, :maximum => 255 # validates_numericality_of :latitude, :longitude validates_inclusion_of :public, :inserted, :in => [ true, false]