cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use "visible" scope when finding traces

Browse source 
Allows to eliminate some :not_found branches.
This commit is contained in:
Anton Khorev 2024-03-27 11:20:19 +03:00
parent 99bed16f9a
commit a969e08641
3 changed files with 14 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/traces/icons_controller.rb
View file

@ -6,9 +6,9 @@ module Traces
authorize_resource :trace authorize_resource :trace
def show def show
trace = Trace.find(params[:trace_id]) trace = Trace.visible.find(params[:trace_id])
if trace.visible? && trace.inserted? if trace.inserted?
if trace.public? || (current_user && current_user == trace.user) if trace.public? || (current_user && current_user == trace.user)
if trace.icon.attached? if trace.icon.attached?
redirect_to rails_blob_path(trace.icon, :disposition => "inline") redirect_to rails_blob_path(trace.icon, :disposition => "inline")

4
app/controllers/traces/pictures_controller.rb
View file

@ -6,9 +6,9 @@ module Traces
authorize_resource :trace authorize_resource :trace
def show def show
trace = Trace.find(params[:trace_id]) trace = Trace.visible.find(params[:trace_id])
if trace.visible? && trace.inserted? if trace.inserted?
if trace.public? || (current_user && current_user == trace.user) if trace.public? || (current_user && current_user == trace.user)
if trace.icon.attached? if trace.icon.attached?
redirect_to rails_blob_path(trace.image, :disposition => "inline") redirect_to rails_blob_path(trace.image, :disposition => "inline")

27
app/controllers/traces_controller.rb
View file

@ -68,10 +68,9 @@ class TracesController < ApplicationController
end end
def show def show
@trace = Trace.find(params[:id]) @trace = Trace.visible.find(params[:id])
if @trace&.visible? && if @trace.public? || @trace.user == current_user
(@trace&.public? || @trace&.user == current_user)
@title = t ".title", :name => @trace.name @title = t ".title", :name => @trace.name
else else
flash[:error] = t ".trace_not_found" flash[:error] = t ".trace_not_found"
@ -88,11 +87,9 @@ class TracesController < ApplicationController
end end
def edit def edit
@trace = Trace.find(params[:id]) @trace = Trace.visible.find(params[:id])
if !@trace.visible? if current_user.nil? || @trace.user != current_user
head :not_found
elsif current_user.nil? || @trace.user != current_user
head :forbidden head :forbidden
else else
@title = t ".title", :name => @trace.name @title = t ".title", :name => @trace.name
@ -136,11 +133,9 @@ class TracesController < ApplicationController
end end
def update def update
@trace = Trace.find(params[:id]) @trace = Trace.visible.find(params[:id])
if !@trace.visible? if current_user.nil? || @trace.user != current_user
head :not_found
elsif current_user.nil? || @trace.user != current_user
head :forbidden head :forbidden
elsif @trace.update(trace_params) elsif @trace.update(trace_params)
flash[:notice] = t ".updated" flash[:notice] = t ".updated"
@ -154,11 +149,9 @@ class TracesController < ApplicationController
end end
def destroy def destroy
trace = Trace.find(params[:id]) trace = Trace.visible.find(params[:id])
if !trace.visible? if current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
head :not_found
elsif current_user.nil? || (trace.user != current_user && !current_user.administrator? && !current_user.moderator?)
head :forbidden head :forbidden
else else
trace.visible = false trace.visible = false
@ -176,9 +169,9 @@ class TracesController < ApplicationController
end end
def data def data
trace = Trace.find(params[:id]) trace = Trace.visible.find(params[:id])
if trace.visible? && (trace.public? || (current_user && current_user == trace.user)) if trace.public? || (current_user && current_user == trace.user)
if Acl.no_trace_download(request.remote_ip) if Acl.no_trace_download(request.remote_ip)
head :forbidden head :forbidden
elsif request.format == Mime[:xml] elsif request.format == Mime[:xml]