From 9bb9de0fbe307304ef4d0ea0dbeaac7972b71cb2 Mon Sep 17 00:00:00 2001 From: Thomas Wood Date: Fri, 23 Jan 2009 01:19:45 +0000 Subject: [PATCH] Require auth on calls to /trace/create, and pass through to form if called without params. Adjust validations on traces to prevent dual error messages on description (validates_presence_of catches the empty string removed from length validation) More changes to come for api_create References #1510 --- app/controllers/trace_controller.rb | 40 +++++++++++++++-------------- app/models/trace.rb | 4 +-- 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb index 022c304fb..47041b491 100644 --- a/app/controllers/trace_controller.rb +++ b/app/controllers/trace_controller.rb @@ -1,8 +1,8 @@ class TraceController < ApplicationController layout 'site' - before_filter :authorize_web - before_filter :require_user, :only => [:mine, :edit, :delete, :make_public] + before_filter :authorize_web + before_filter :require_user, :only => [:mine, :create, :edit, :delete, :make_public] before_filter :authorize, :only => [:api_details, :api_data, :api_create] before_filter :check_database_availability, :except => [:api_details, :api_data, :api_create] before_filter :check_read_availability, :only => [:api_details, :api_data, :api_create] @@ -99,26 +99,28 @@ class TraceController < ApplicationController end def create - logger.info(params[:trace][:gpx_file].class.name) - if params[:trace][:gpx_file].respond_to?(:read) - do_create(params[:trace][:gpx_file], params[:trace][:tagstring], - params[:trace][:description], params[:trace][:public]) + if params[:trace] + logger.info(params[:trace][:gpx_file].class.name) + if params[:trace][:gpx_file].respond_to?(:read) + do_create(params[:trace][:gpx_file], params[:trace][:tagstring], + params[:trace][:description], params[:trace][:public]) - if @trace.id - logger.info("id is #{@trace.id}") - flash[:notice] = "Your GPX file has been uploaded and is awaiting insertion in to the database. This will usually happen within half an hour, and an email will be sent to you on completion." + if @trace.id + logger.info("id is #{@trace.id}") + flash[:notice] = "Your GPX file has been uploaded and is awaiting insertion in to the database. This will usually happen within half an hour, and an email will be sent to you on completion." - redirect_to :action => 'mine' + redirect_to :action => 'mine' + end + else + @trace = Trace.new({:name => "Dummy", + :tagstring => params[:trace][:tagstring], + :description => params[:trace][:description], + :public => params[:trace][:public], + :inserted => false, :user => @user, + :timestamp => Time.now}) + @trace.valid? + @trace.errors.add(:gpx_file, "can't be blank") end - else - @trace = Trace.new({:name => "Dummy", - :tagstring => params[:trace][:tagstring], - :description => params[:trace][:description], - :public => params[:trace][:public], - :inserted => false, :user => @user, - :timestamp => Time.now}) - @trace.valid? - @trace.errors.add(:gpx_file, "can't be blank") end end diff --git a/app/models/trace.rb b/app/models/trace.rb index 1b44e2187..03dbeb0b3 100644 --- a/app/models/trace.rb +++ b/app/models/trace.rb @@ -3,8 +3,8 @@ class Trace < ActiveRecord::Base validates_presence_of :user_id, :name, :timestamp validates_presence_of :description, :on => :create - validates_length_of :name, :within => 1..255 - validates_length_of :description, :within => 1..255 + validates_length_of :name, :maximum => 255 + validates_length_of :description, :maximum => 255 # validates_numericality_of :latitude, :longitude validates_inclusion_of :public, :inserted, :in => [ true, false] -- 2.43.2