DG MS; 404 show pages for objects that don't exist for given user

2010-10-11 11:32:20 -07:00 · 2010-10-11 11:32:20 -07:00 · 9162a4a168
commit 9162a4a168
parent c630d3db6f
7 changed files with 41 additions and 29 deletions
--- a/app/controllers/albums_controller.rb
+++ b/app/controllers/albums_controller.rb
@ -37,9 +37,13 @@ class AlbumsController < ApplicationController
  def show
    @photo = Photo.new
    @album = current_user.find_visible_post_by_id( params[:id] )
+    unless @album
+      render :file => "#{Rails.root}/public/404.html", :layout => false, :status => 404
+    else
      @album_photos = @album.photos
      respond_with @album
    end
+  end

  def edit
    @album = current_user.find_visible_post_by_id params[:id]
--- a/app/controllers/aspects_controller.rb
+++ b/app/controllers/aspects_controller.rb
@ -42,10 +42,14 @@ class AspectsController < ApplicationController

  def show
    @aspect = current_user.aspect_by_id params[:id]
+    unless @aspect
+      render :file => "#{Rails.root}/public/404.html", :layout => false, :status => 404
+    else
      @friends = @aspect.people
      @posts   = current_user.visible_posts( :by_members_of => @aspect ).paginate :per_page => 15, :order => 'created_at DESC'
      respond_with @aspect
    end
+  end

  def public
   # @fb_access_url = MiniFB.oauth_url(FB_APP_ID, APP_CONFIG[:pod_url] + "services/create",
--- a/app/controllers/people_controller.rb
+++ b/app/controllers/people_controller.rb
@ -17,19 +17,10 @@ class PeopleController < ApplicationController
  end

  def show
-    begin
    @person = current_user.visible_person_by_id(params[:id])
-    rescue BSON::InvalidObjectId
-      flash[:error] = "Person not found."
-      redirect_to people_path
-      return
-    end
    unless @person
-      flash[:error] = "Person not found."
-      redirect_to people_path
-      return
-    end
-
+      render :file => "#{Rails.root}/public/404.html", :layout => false, :status => 404
+    else
      @profile = @person.profile
      @aspects_with_person = current_user.aspects_with_person(@person)
      @aspects_dropdown_array = current_user.aspects.collect{|x| [x.to_s, x.id]}
@ -38,6 +29,7 @@ class PeopleController < ApplicationController
      @post_count = @posts.count
      respond_with @person
    end
+  end

  def destroy
    current_user.unfriend(current_user.visible_person_by_id(params[:id]))
--- a/app/controllers/photos_controller.rb
+++ b/app/controllers/photos_controller.rb
@ -76,9 +76,13 @@ class PhotosController < ApplicationController

  def show
    @photo = current_user.find_visible_post_by_id params[:id]
+    unless @photo
+      render :file => "#{Rails.root}/public/404.html", :layout => false, :status => 404
+    else
      @album = @photo.album
      respond_with @photo, @album
    end
+  end

  def edit
    @photo = current_user.find_visible_post_by_id params[:id]
--- a/app/controllers/status_messages_controller.rb
+++ b/app/controllers/status_messages_controller.rb
@ -33,8 +33,12 @@ class StatusMessagesController < ApplicationController

  def show
    @status_message = current_user.find_visible_post_by_id params[:id]
+    unless @status_message
+      render :status => 404
+    else
      respond_with @status_message
    end
+  end

  private
  def clean_hash(params)
--- a/lib/diaspora/user/querying.rb
+++ b/lib/diaspora/user/querying.rb
@ -7,7 +7,7 @@ module Diaspora
    module Querying

      def find_visible_post_by_id( id )
-        self.raw_visible_posts.find id
+        self.raw_visible_posts.find id.to_id
      end

      def visible_posts( opts = {} )
--- a/lib/mongo_mapper/bson_id.rb
+++ b/lib/mongo_mapper/bson_id.rb
@ -4,7 +4,11 @@

 class String
  def to_id
+    begin
      BSON::ObjectId self
+    rescue
+      nil
+    end
  end
 end
 class BSON::ObjectId