more rails 2.3 fixes, security fixes for controllers, reconcile topic…

…s_count, add 'follows' to replace 'mostly_listens_to'
commit 4ce831bd4cdd7dbc01f3b7ac2d58239ae45a97c2 1 parent cb94214
Sudara sudara authored
Showing with 74 additions and 42 deletions.
  1. +4 −4 app/controllers/application_controller.rb
  2. +6 −2 app/controllers/assets_controller.rb
  3. +4 −3 app/controllers/playlists_controller.rb
  4. +2 −2 app/controllers/users_controller.rb
  5. +1 −1  app/helpers/application_helper.rb
  6. +1 −1  app/helpers/users_helper.rb
  7. +2 −2 app/models/topic.rb
  8. +1 −1  app/models/user.rb
  9. +2 −1  app/models/user/posting.rb
  10. +1 −1  app/views/assets/_asset_layout.html.erb
  11. +1 −1  app/views/assets/_asset_tabs.html.erb
  12. +2 −2 app/views/assets/_big_share.html.erb
  13. +1 −1  app/views/assets/_edit.html.erb
  14. +1 −1  app/views/features/show.html.erb
  15. +1 −1  app/views/forums/index.html.erb
  16. +1 −1  app/views/forums/show.html.erb
  17. +1 −1  app/views/pages/itunes.html.haml
  18. +1 −1  app/views/playlists/show.xml.builder
  19. +1 −1  app/views/shared/_asset.rss.builder
  20. +1 −1  app/views/topics/show.html.erb
  21. +19 −0 app/views/users/_follows.html.erb
  22. +1 −1  app/views/users/_map.html.erb
  23. +0 −8 app/views/users/_mostly_listens_to.html.erb
  24. +1 −1  app/views/users/show.html.erb
  25. +1 −1  app/views/users/show.xml.builder
  26. +2 −1  config/environments/production.rb
  27. +10 −0 db/migrate/20090322145712_reconcile_forum_topic_counts.rb
  28. +1 −1  public/stylesheets/sass/alonetone.sass
  29. +4 −0 public/stylesheets/sass/tabs.sass
8 app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
class ApplicationController < ActionController::Base
helper :all # all helpers, all the time
- protect_from_forgery :secret => ALONETONE.secret
+ protect_from_forgery
include AuthenticatedSystem
before_filter :set_tab, :ie6, :is_sudo
@@ -82,7 +82,7 @@ def find_user
end
def current_user_is_admin_or_owner?(user)
- logged_in? && (current_user.id.to_s == user.id.to_s || current_user.admin?)
+ logged_in? && ((current_user.id == user.id) || current_user.admin?)
end
def current_user_is_admin_or_moderator_or_owner?(user)
@@ -90,8 +90,8 @@ def current_user_is_admin_or_moderator_or_owner?(user)
end
def find_asset
- @asset = @user.assets.find_by_permalink(params[:permalink] || params[:id])
- @asset = @user.assets.find(params[:id]) if !@asset && params[:id]
+ @asset = Asset.find_by_permalink(params[:permalink] || params[:id])
+ @asset = Asset.find(params[:id]) if !@asset && params[:id]
end
def find_playlists
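Review bot: `find_asset` on the new side of the last hunk looks the asset up with `Asset.find_by_permalink` and `Asset.find`, dropping the `@user.assets` scope the old lines had, so the user segment of the URL no longer constrains which asset is returned. If permalinks are unique only per user (the `user_track_url(login, permalink)` route shape used elsewhere in this commit suggests that), a request for one user's track can resolve to another owner's asset with the same permalink, and `Asset.find(params[:id])` now reaches any asset by numeric id. Downstream `authorized?` checks the owner of whatever asset was found, so edits stay owner-gated, but reads and the URL/owner mismatch are not. If `@user` is no longer always loaded for these routes, keep the scope conditional: `scope = @user ? @user.assets : Asset`, then `@asset = scope.find_by_permalink(params[:permalink] || params[:id])` and `@asset = scope.find(params[:id]) if !@asset && params[:id]`.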
8 app/controllers/assets_controller.rb
@@ -209,7 +209,7 @@ def update
end
else
if result
- redirect_to user_track_url(current_user, @asset)
+ redirect_to user_track_url(@asset.user.login, @asset.permalink)
else
flash[:error] = "There was an issue with updating that track"
render :action => "edit"
@@ -251,7 +251,11 @@ def find_referer
def authorized?
# admin or the owner of the asset can edit/update/delete
- params[:permalink].nil? || current_user_is_admin_or_owner?(@asset.user)
+ current_user_is_admin_or_owner?(@asset.user) || !dangerous_action?
+ end
+
+ def dangerous_action?
+ %w(destroy update edit mass_edit).include? action_name
end
def register_listen
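Review bot: In the new `authorized?`, `current_user_is_admin_or_owner?(@asset.user)` is evaluated before `!dangerous_action?`, so any action that reaches this filter without an `@asset` loaded raises NoMethodError on nil instead of being allowed or denied — and `mass_edit` is in the dangerous list although a mass edit presumably has no single `@asset` (not verifiable from the hunk). Reversing the operands runs the cheap check first and turns a missing asset into a denial rather than a 500: `!dangerous_action? || (@asset && current_user_is_admin_or_owner?(@asset.user))`. Separately, `dangerous_action?` is a denylist, so a future state-changing action is open by default until someone remembers to add it; enumerating the read-only actions instead inverts that. The comment above the method body still describes the old rule and should say what the new one does, e.g. `# anyone may read; only the owner or an admin may edit/update/destroy/mass_edit`.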
7 app/controllers/playlists_controller.rb
@@ -6,8 +6,8 @@ class PlaylistsController < ApplicationController
before_filter :find_tracks, :only => [:show, :edit]
- rescue_from ActiveRecord::RecordNotFound, :with => :not_found
- rescue_from NoMethodError, :with => :user_not_found
+ #rescue_from ActiveRecord::RecordNotFound, :with => :not_found
+ #rescue_from NoMethodError, :with => :user_not_found
# GET /playlists
# GET /playlists.xml
@@ -81,6 +81,7 @@ def new
def edit
# allow them to add their own assets
# TODO: this is bad form, should be relocated to assets/index and listens/index
+ # TODO: furthermore, ajax requests currently load all 3 instance vars :(
@assets = @user.assets.paginate( :all,
:limit => 10,
:per_page => 10,
@@ -95,7 +96,7 @@ def edit
:page => params[:listens_page]
)
- @favorites = Track.favorites.paginate_all_by_user_id(@user.id,
+ @favorites = @user.favorites.tracks.paginate(:all,
:limit => 10,
:per_page => 10,
:page => params[:favorites_page]
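Review bot: The two `rescue_from` lines in the first hunk are commented out rather than removed, with nothing saying why, so a reader cannot tell whether not-found handling now deliberately falls through to the framework default or was disabled while debugging. Rescuing `NoMethodError` as "user not found" was masking real bugs, so dropping that one is reasonable; delete both lines and, if RecordNotFound still needs the custom `not_found` page, keep that single line active instead of leaving dead code. The `@favorites` change in the last hunk is fine and is now scoped through `@user`.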
4 app/controllers/users_controller.rb
@@ -53,10 +53,10 @@ def show
@listens = @user.listens.find(:all, :limit =>5)
@track_plays = @user.track_plays.from_user.find(:all, :limit =>10)
@favorites = Track.favorites.find_all_by_user_id(@user.id, :limit => 5)
- @mostly_listens_to = @user.mostly_listens_to
@comments = @user.comments.public.find(:all, :limit => 5) unless display_private_comments_of?(@user)
@comments = @user.comments.include_private.find(:all, :limit => 5) if display_private_comments_of?(@user)
-
+ @follows = @user.followees
+ @mostly_listens_to = @user.mostly_listens_to
render
end
format.xml { @assets = @user.assets.find(:all, :order => 'created_at DESC', :limit => (params[:limit] || 10))}
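Review bot: `@follows = @user.followees` loads the whole association while every sibling query in this `show` action is capped (`:limit => 5` / `10`), and the `users/_follows` partial added in this commit renders the full collection, so a user who follows many people makes this page grow without bound. Unless the association already limits itself (not visible here), cap it the same way: `@follows = @user.followees.find(:all, :limit => 5)`. `@mostly_listens_to` has only been moved below `@comments`, which is harmless, but it is now computed even when `@follows` is present and the partial's `else` branch will never use it. The enclosing `show` action continues past the hunk.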
2  app/helpers/application_helper.rb
@@ -60,7 +60,7 @@ def awesome_truncate(text, length = 30, truncate_string = "...")
end
def link_to_play(asset, referer=nil)
- link_to ' ', formatted_user_track_path(asset.user.login, asset.permalink, :mp3, :referer => referer), :id=>"play-#{asset.unique_id}", :class => 'play_link', :title => 'click to play the mp3'
+ link_to ' ', user_track_path(asset.user.login, asset.permalink, :format => :mp3, :referer => referer), :id=>"play-#{asset.unique_id}", :class => 'play_link', :title => 'click to play the mp3'
end
def user_nav_item(text, link, options=nil)
2  app/helpers/users_helper.rb
@@ -29,7 +29,7 @@ def user_location(user)
def user_image_link(user, size = :large)
link_to(image_tag(user.avatar(size),
:class => (user.has_pic? ? '' : 'no_border'),
- :alt => "#{user.name} on alonetone"),
+ :alt => "#{user.name}"),
user_home_path(user),
:title => " #{user.name}
#{user.assets_count > 0 ? pluralize(user.assets_count,'uploaded tracks') : ''}
4 app/models/topic.rb
@@ -87,8 +87,8 @@ def check_for_moved_forum
def set_post_forum_id
return unless @old_forum_id
posts.update_all :forum_id => forum_id
- Forum.update_all "posts_count = posts_count - #{posts_count}", ['id = ?', @old_forum_id]
- Forum.update_all "posts_count = posts_count + #{posts_count}", ['id = ?', forum_id]
+ Forum.decrement_counter(:topics_count, @old_forum_id)
+ Forum.increment_counter(:topics_count, forum_id)
end
def count_user_posts_for_counter_cache
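Review bot: The new `set_post_forum_id` adjusts `topics_count` on the old and new forum but drops the `posts_count` adjustment the removed lines made, even though the line above still moves the topic's posts with `posts.update_all :forum_id => forum_id`; `update_all` does not touch counter caches, so after a topic move both forums' `posts_count` will be off by `posts_count` unless something outside this hunk reconciles it (the migration in this commit fixes only `topics_count`). Keep both adjustments: after the two counter calls add `Forum.update_counters(@old_forum_id, :posts_count => -posts_count)` and `Forum.update_counters(forum_id, :posts_count => posts_count)`. Replacing the interpolated SQL strings with the counter helpers is a good change on its own.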
2  app/models/user.rb
@@ -79,7 +79,7 @@ class User < ActiveRecord::Base
has_many :followers, :through => :followings
# musicians who this person follows
- has_many :followees, :through => :follows, :source => :follower
+ has_many :followees, :through => :follows, :source => :user
# The following attributes can be changed via mass assignment
attr_accessible :login, :email, :password, :password_confirmation, :website, :myspace,
3  app/models/user/posting.rb
@@ -51,8 +51,9 @@ def self.index_from(records)
protected
def revise_topic(topic, attributes)
- topic.forum_id = attributes[:forum_id] \
if attributes[:forum_id]
+ topic.forum_id = attributes[:forum_id]
+ end
topic.title = attributes[:title] \
if attributes[:title]
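Review bot: `revise_topic` now mixes two forms for the same guarded assignment: `forum_id` uses a three-line `if … end` block while `title`, two lines below, keeps the backslash-continued modifier, which is the harder-to-read form and the one the hunk just moved away from. Use the plain modifier for both, `topic.forum_id = attributes[:forum_id] if attributes[:forum_id]`, and drop the `\` on the title line likewise. The method continues past the hunk.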
2  app/views/assets/_asset_layout.html.erb
@@ -14,5 +14,5 @@
</div>
<div class="download-button button">
- <%= link_to ' ', formatted_user_track_path(asset.user, asset.permalink, :mp3, :referer => 'download'), :class=> 'download button', :title => "right-click to download mp3" %>
+ <%= link_to ' ', user_track_path(asset.user, asset.permalink, :format => :mp3, :referer => 'download'), :class=> 'download button', :title => "right-click to download mp3" %>
</div>
2  app/views/assets/_asset_tabs.html.erb
@@ -19,7 +19,7 @@
<div class='min_height_50'>
<h3><%=h asset.name %></h3>
<%= awesome_truncate((asset.description), 260,
- ('... '+link_to('(more)',user_track_path(asset.user, asset)))) %>
+ ('... '+link_to('(more)',user_track_path(asset.user, asset.permalink)))) %>
<% if authorized_for(asset) && !asset.present?(:description) %>
<span class="hint">
<%= link_to 'Add a description now',edit_user_track_path(asset.user, asset),:class => :hint %>
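Review bot: The changed `link_to('(more)', user_track_path(asset.user, asset.permalink))` now passes the permalink explicitly, but `edit_user_track_path(asset.user, asset)` three lines below still passes the record, and `shared/_asset.rss.builder` in this commit does the same with `user_track_url(asset.user, asset)`. Either `Asset#to_param` returns the permalink, in which case this change was unnecessary, or it does not, in which case the unchanged calls generate different URLs than the changed ones; pick one convention and apply it to the edit link too: `edit_user_track_path(asset.user, asset.permalink)`.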
4 app/views/assets/_big_share.html.erb
@@ -4,12 +4,12 @@
The link to this page (the song's "home"):<br/>
<%= text_field_tag "home_#{id}", user_track_url(@asset.user, @asset.permalink), :size => 40,:class => 'tabbed_input' %> <br/>
Direct download link:<br/>
- <%= text_field_tag "link_#{id}", formatted_user_track_url(@asset.user, @asset.permalink, :mp3), :size => 40, :class => 'tabbed_input' %>
+ <%= text_field_tag "link_#{id}", user_track_url(@asset.user, @asset.permalink, :format => :mp3), :size => 40, :class => 'tabbed_input' %>
</div>
<div class="static_content ">
<h3>Embedded Flash Player (for myspace, blog, etc)</h3>
- <%= text_area_tag 'flash_player', "<embed src=\"#{FLASH_PLAYER}\" width=\"250\" height=\"20\" allowfullscreen=\"true\" allowscriptaccess=\"always\" flashvars=\"&file=#{formatted_user_track_url(@asset.user, @asset.permalink, :mp3)}&height=20&width=250&frontcolor=0x3C3C3C&backcolor=0xf3f3f3&lightcolor=0xFF944B&screencolor=0xFF944B&showdigits=false\" />", :rows => 4, :cols =>40 %>
+ <%= text_area_tag 'flash_player', "<embed src=\"#{FLASH_PLAYER}\" width=\"250\" height=\"20\" allowfullscreen=\"true\" allowscriptaccess=\"always\" flashvars=\"&file=#{user_track_url(@asset.user, @asset.permalink, :format => :mp3)}&height=20&width=250&frontcolor=0x3C3C3C&backcolor=0xf3f3f3&lightcolor=0xFF944B&screencolor=0xFF944B&showdigits=false\" />", :rows => 4, :cols =>40 %>
(customize how it looks by visiting <%= link_to 'the setup wizard', 'http://www.jeroenwijering.com/?page=wizard&example=2'%>)
</div>
2  app/views/assets/_edit.html.erb
@@ -1,5 +1,5 @@
<div class="track_options">
-<%= link_to " ", destroy_user_track_path(@user, @asset), :method => :delete,
+<%= link_to " ", destroy_user_track_path(@user.login, @asset.permalink), :method => :delete,
:confirm => 'Are you sure? This will delete the song permanently, including all play history and comments.',
:class => 'delete_green'%>
</div>
2  app/views/features/show.html.erb
@@ -61,7 +61,7 @@
<%= render :partial => 'featured_tracks'%>
- <%= render :partial => 'users/mostly_listens_to' if @feature.featured_user.has_tracks? %>
+ <%= render :partial => 'users/follows' if @feature.featured_user.has_tracks? %>
<h2 class="box">Comments</h2>
<% @single_track = true %>
<%= render :partial => 'shared/comment', :collection => @comments %>
2  app/views/forums/index.html.erb
@@ -2,7 +2,7 @@
<% content_for :extras do %>
<%= topic_count %>, <%= post_count %>
- <%= feed_icon_tag "Recent Posts", formatted_posts_path(:format => 'atom') %>
+ <%= feed_icon_tag "Recent Posts", posts_path(:format => 'atom') %>
<% end %>
2  app/views/forums/show.html.erb
@@ -11,7 +11,7 @@
<% content_for :extras do %>
<%= pluralize @forum.topics.size, 'topics' %>,
<%= pluralize @forum.posts.size, 'posts' %>
- <%= feed_icon_tag @forum.name, formatted_forum_posts_path(@forum, :atom)%>
+ <%= feed_icon_tag @forum.name, forum_posts_path(@forum, :format => :atom)%>
<% end %>
<table border="0" cellspacing="0" cellpadding="0" class="wide topics">
2  app/views/pages/itunes.html.haml
@@ -21,7 +21,7 @@
= current_user.name + ':'
%br
%strong
- = formatted_user_url(current_user, :rss)
+ = user_url(current_user, :format => :rss)
- else
= link_to 'log in', login_path
and we'll show you which link you should submit.
2  app/views/playlists/show.xml.builder
@@ -10,7 +10,7 @@ xml.playlist(:version => 1, :xmlns => "http://xspf.org/ns/0/") do
xml.title(track.asset.name)
xml.creator(track.asset.user.name)
xml.image(@playlist.cover(:large))
- xml.location(formatted_user_track_url(track.asset.user, track.asset.permalink, :mp3))
+ xml.location(user_track_url(track.asset.user, track.asset.permalink, :format => :mp3))
xml.info(user_track_url(track.asset.user, track.asset.permalink))
end
end
2  app/views/shared/_asset.rss.builder
@@ -1,5 +1,5 @@
xml.item do
- url = formatted_user_track_url(asset.user, asset, :mp3, :referer => 'itunes')
+ url = user_track_url(asset.user, asset, :format => :mp3, :referer => 'itunes')
xml.title asset.name
xml.link user_track_url(asset.user, asset)
xml.guid url
2  app/views/topics/show.html.erb
@@ -30,7 +30,7 @@
<% content_for :extras do %>
<%= pluralize @topic.posts.size, 'post' %>,
<%= pluralize @topic.voices.size, 'person' %> talking
- <%= feed_icon_tag @topic.title, formatted_posts_path(:atom,:forum_id => @forum, :topic_id => @topic) %>
+ <%= feed_icon_tag @topic.title, posts_path(:format => :atom,:forum_id => @forum, :topic_id => @topic) %>
<% end %>
19 app/views/users/_follows.html.erb
@@ -0,0 +1,19 @@
+<% if present?(@follows) %>
+ <h2 class="box">Follows</h2>
+ <div id="follows" class="box static_content clearfix">
+
+ <%= render :partial => 'shared/small_user', :collection => @follows %>
+
+ <div class="clear"></div>
+ </div>
+<% else %>
+ <h2 class="box">Listens to</h2>
+ <div id="follows" class="box static_content clearfix">
+
+ <%= render :partial => 'shared/small_user', :collection => @mostly_listens_to %>
+
+ <div class="clear"></div>
+ </div>
+<% end %>
+
+<div class="footer_box empty"></div>
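Review bot: The `else` branch renders a "Listens to" box unconditionally, including when `@mostly_listens_to` is empty or nil; `users/show.html.erb` in this commit guards the partial with `present?(@mostly_listens_to) or present?(@follows)`, but `features/show.html.erb` renders it on `@feature.featured_user.has_tracks?` alone, so an empty heading and box can appear there. Guard the second branch as well: `<% elsif present?(@mostly_listens_to) %>`. Both branches use `id="follows"`, which matches the renamed `#follows` rule in `alonetone.sass`, so the styling stays consistent.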
2  app/views/users/_map.html.erb
@@ -10,7 +10,7 @@
function mapit() {
var map = new google.maps.Map2(document.getElementById("map"));
- var gx = new google.maps.GeoXml("<%= formatted_users_url(:rss) %>");
+ var gx = new google.maps.GeoXml("<%= users_url(:format => :rss) %>");
map.setCenter(new google.maps.LatLng(37.4419, -122.1419), 2);
map.addControl(new google.maps.SmallMapControl(),new GControlPosition(G_ANCHOR_BOTTOM_RIGHT, new GSize(10,10)));
8 app/views/users/_mostly_listens_to.html.erb
@@ -1,8 +0,0 @@
-<h2 class="box">Listens to</h2>
-<div id="mostly_listens_to" class="box static_content clearfix">
-
- <%= render :partial => 'shared/small_user', :collection => @mostly_listens_to %>
-
- <div class="clear"></div>
-</div>
-<div class="footer_box empty"></div>
2  app/views/users/show.html.erb
@@ -26,7 +26,7 @@
<%= render :partial => 'favorites' if present?(@favorites) %>
- <%= render :partial => 'mostly_listens_to' if @mostly_listens_to.size > 2 %>
+ <%= render :partial => 'follows' if present?(@mostly_listens_to) or present?(@follows) %>
<%= render :partial => 'listens' if @listens.size > 0 %>
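Review bot: The new guard uses `or` inside a modifier `if`; it parses as intended here because `or` binds tighter than the modifier, but `or`/`and` bind looser than assignment and `!`, which is a well-known trap, so `||` is the safer habit. Write it as `<%= render :partial => 'follows' if present?(@mostly_listens_to) || present?(@follows) %>`. Note the old `@mostly_listens_to.size > 2` threshold is gone, so a user with one or two entries now gets the box; worth stating in the commit message if that is intended.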
2  app/views/users/show.xml.builder
@@ -10,7 +10,7 @@ xml.playlist(:version => 1, :xmlns => "http://xspf.org/ns/0/") do
xml.title(track.name)
xml.creator(@user.name)
xml.image(@user.avatar(:album))
- xml.location(formatted_user_track_url(@user, track.permalink, :mp3))
+ xml.location(user_track_url(@user, track.permalink, :format => :mp3))
xml.info(user_track_url(@user, track.permalink))
end
end
3  config/environments/production.rb
@@ -24,4 +24,5 @@
}
config.action_mailer.smtp_settings = ey_smtp_settings
-config.action_mailer.delivery_method = :smtp
+config.action_mailer.delivery_method = :smtp
+config.action_view.cache_template_loading = true
10 db/migrate/20090322145712_reconcile_forum_topic_counts.rb
@@ -0,0 +1,10 @@
+class ReconcileForumTopicCounts < ActiveRecord::Migration
+ def self.up
+ Forum.all.each do |forum|
+ Forum.update_all "topics_count = #{forum.topics.count}", ['id = ?', forum.id]
+ end
+ end
+
+ def self.down
+ end
+end
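Review bot: `self.down` is an empty method, so rolling back silently does nothing; since a count reconciliation cannot be undone it should say so, `raise ActiveRecord::IrreversibleMigration`. In `self.up`, `Forum.update_all "topics_count = #{forum.topics.count}", ['id = ?', forum.id]` builds the SET clause by string interpolation; the value is an integer count so there is no injection here, but the hash form avoids assembling SQL at all: `Forum.update_all({:topics_count => forum.topics.count}, ['id = ?', forum.id])`. The migration also relies on the `Forum` model and its `topics` association as they exist today, which is fragile if the model changes later; a one-line comment recording that assumption would help the next reader.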
2  public/stylesheets/sass/alonetone.sass
@@ -494,7 +494,7 @@
:margin-right 24px
:height 60px
-#mostly_listens_to
+#follows
:padding-bottom 0px
:margin-bottom -10px
:padding-right 0px
4 public/stylesheets/sass/tabs.sass
@@ -152,6 +152,10 @@ div.tabs
:top 7px
:left 15px
:height 100%
+ a
+ :width 50px
+ :height 50px
+ :overflow hidden
a img
:border 1px solid #9fa28d
:height 50px