From 44051f30d8a65a49a8db020bedefa632a446c666 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Thu, 16 Aug 2007 23:04:18 +0000
Subject: [PATCH] Make the gpx/id/data API call work, and make gpx/create a POST method so arguments can be handled more robustly.
---
 app/controllers/trace_controller.rb | 84 +++++++++++++++--------------
 app/models/trace.rb | 1 +
 config/routes.rb | 2 +-
 3 files changed, 46 insertions(+), 41 deletions(-)
diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb
index 66583459b..2001fdb2f 100644
--- a/app/controllers/trace_controller.rb
+++ b/app/controllers/trace_controller.rb
@@ -151,66 +151,70 @@ class TraceController < ApplicationController
 end
 def picture
- begin
- trace = Trace.find(params[:id])
+ trace = Trace.find(params[:id])
- if trace.public? or (@user and @user == trace.user)
- send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline')
- else
- render :nothing, :status => :forbidden
- end
- rescue ActiveRecord::RecordNotFound
- render :nothing => true, :status => :not_found
- rescue
- render :nothing => true, :status => :internal_server_error
+ if trace.public? or (@user and @user == trace.user)
+ send_file(trace.large_picture_name, :filename => "#{trace.id}.gif", :type => 'image/gif', :disposition => 'inline')
+ else
+ render :nothing, :status => :forbidden
 end
+ rescue ActiveRecord::RecordNotFound
+ render :nothing => true, :status => :not_found
 end
 def icon
- begin
- trace = Trace.find(params[:id])
+ trace = Trace.find(params[:id])
- if trace.public? or (@user and @user == trace.user)
- send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline')
- else
- render :nothing, :status => :forbidden
- end
- rescue ActiveRecord::RecordNotFound
- render :nothing => true, :status => :not_found
- rescue
- render :nothing => true, :status => :internal_server_error
+ if trace.public? or (@user and @user == trace.user)
+ send_file(trace.icon_picture_name, :filename => "#{trace.id}_icon.gif", :type => 'image/gif', :disposition => 'inline')
+ else
+ render :nothing, :status => :forbidden
 end
+ rescue ActiveRecord::RecordNotFound
+ render :nothing => true, :status => :not_found
 end
 def api_details
- begin
- trace = Trace.find(params[:id])
+ trace = Trace.find(params[:id])
- if trace.public? or trace.user == @user
- render :text => trace.to_xml.to_s, :content_type => "text/xml"
- else
- render :nothing => true, :status => :forbidden
- end
- rescue ActiveRecord::RecordNotFound
- render :nothing => true, :status => :not_found
- rescue
- render :nothing => true, :status => :internal_server_error
+ if trace.public? or trace.user == @user
+ render :text => trace.to_xml.to_s, :content_type => "text/xml"
+ else
+ render :nothing => true, :status => :forbidden
 end
+ rescue ActiveRecord::RecordNotFound
+ render :nothing => true, :status => :not_found
 end
 def api_data
- render :action => 'data'
+ trace = Trace.find(params[:id])
+
+ if trace.public? or trace.user == @user
+ send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment')
+ else
+ render :nothing => true, :status => :forbidden
+ end
+ rescue ActiveRecord::RecordNotFound
+ render :nothing => true, :status => :not_found
 end
 def api_create
- do_create(params[:filename], params[:tags], params[:description], true) do |f|
- f.write(request.raw_post)
- end
+ if request.post?
+ name = params[:file].original_filename.gsub(/[^a-zA-Z0-9.]/, '_') # This makes sure filenames are sane
- if @trace.id
- render :nothing => true
+ do_create(name, params[:tags], params[:description], params[:public]) do |f|
+ f.write(request[:file].read)
+ end
+
+ if @trace.id
+ render :text => @trace.id.to_s, :content_type => "text/plain"
+ elsif @trace.valid?
+ render :nothing => true, :status => :internal_server_error
+ else
+ render :nothing => true, :status => :bad_request
+ end
 else
- render :nothing => true, :status => :internal_server_error
+ render :nothing => true, :status => :method_not_allowed
 end
 end
diff --git a/app/models/trace.rb b/app/models/trace.rb
index 155e495a3..3eefc185d 100644
--- a/app/models/trace.rb
+++ b/app/models/trace.rb
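Review bot: In `api_create` in app/controllers/trace_controller.rb, `params[:file].original_filename` is called before anything checks that a file part was actually uploaded, so a POST with no `file` field (or a plain string in it) raises an error that nothing in the action rescues, and the client presumably gets a 500 instead of the `:bad_request` branch. A guard at the top of the POST branch, e.g. `return render(:nothing => true, :status => :bad_request) unless params[:file].respond_to?(:original_filename)`, would keep that a client error. `params[:public]` is now passed straight through, and every string (including "0" and "false") is truthy in Ruby, so unless `do_create`, which is outside this hunk, coerces it, an upload meant to be private could be stored as public; comparing against an explicit value would make the intent unambiguous. The `gsub` whitelist also keeps `.`, so a name made only of dots survives it, which matters if `do_create` uses the name as a path component. Separately, the forbidden branches of `picture` and `icon` still pass `render :nothing, :status => :forbidden` rather than the `:nothing => true` form used in the other actions.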
@@ -3,6 +3,7 @@ class Trace < ActiveRecord::Base
 validates_presence_of :user_id, :name, :timestamp
 validates_presence_of :description, :on => :create
+ validates_format_of :tagstring, :with => /^[^\/;.,?]*$/
 # validates_numericality_of :latitude, :longitude
 validates_inclusion_of :public, :inserted, :in => [ true, false]
diff --git a/config/routes.rb b/config/routes.rb
index ae7acc199..482c5c6cb 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -37,7 +37,7 @@ ActionController::Routing::Routes.draw do |map|
 map.connect "api/#{API_VERSION}/user/details", :controller => 'user', :action => 'api_details'
 map.connect "api/#{API_VERSION}/user/gpx_files", :controller => 'user', :action => 'api_gpx_files'
- map.connect "api/#{API_VERSION}/gpx/create/:filename/:description/:tags", :controller => 'trace', :action => 'api_create'
+ map.connect "api/#{API_VERSION}/gpx/create", :controller => 'trace', :action => 'api_create'
 map.connect "api/#{API_VERSION}/gpx/:id/details", :controller => 'trace', :action => 'api_details'
 map.connect "api/#{API_VERSION}/gpx/:id/data", :controller => 'trace', :action => 'api_data'
--
2.43.2
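Review bot: In app/models/trace.rb the new `validates_format_of :tagstring` pattern is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a multi-line `tagstring` passes validation as long as one of its lines is free of the excluded characters. Anchoring the whole value closes that gap: `validates_format_of :tagstring, :with => /\A[^\/;.,?]*\z/`. A short comment saying why `/ ; . , ?` are excluded from tags would also help the next reader; the rest of the `Trace` class is outside this hunk.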