diff --git a/tracks/app/controllers/application.rb b/tracks/app/controllers/application.rb
index c3f41ad1..c6f2f491 100644
--- a/tracks/app/controllers/application.rb
+++ b/tracks/app/controllers/application.rb
@@ -13,5 +13,14 @@ class ApplicationController < ActionController::Base
 helper :application
 include LoginSystem
+
+ def count_shown_items(hidden)
+ count = 0
+ sub = 0
+ hidden.each do |h|
+ sub = Todo.find_all("done=0 AND context_id=#{h.id}").length + sub
+ end
+ total = Todo.find_all("done=0").length - sub
+ end
 end
\ No newline at end of file
diff --git a/tracks/app/controllers/feed_controller.rb b/tracks/app/controllers/feed_controller.rb
index aa29c14f..28cabaf7 100644
--- a/tracks/app/controllers/feed_controller.rb
+++ b/tracks/app/controllers/feed_controller.rb
@@ -4,7 +4,6 @@ class FeedController < ApplicationController
 helper :feed
 model :todo, :context, :project
- before_filter :login_required
 def index
 end
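Review bot: `count_shown_items` in application.rb is added as a public method of ApplicationController, and Rails treats public controller methods as routable actions, so it belongs below a `protected` or `private` marker. `count` and `total` are assigned but never read; drop `count = 0` and let the method end with `Todo.find_all("done=0").length - sub`. The interpolated condition `context_id=#{h.id}` is only safe while `hidden` holds model records with numeric ids, so add a comment such as `# hidden must be Context records; h.id is interpolated into SQL` or use a bound condition if this Rails version supports one. The loop also runs one query per hidden context and loads every row just to call `.length`.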
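Review bot: Removing `before_filter :login_required` from the top of FeedController drops the login check for every action in the controller, not only the two feeds; `index`, and anything defined outside this hunk, is now reachable without a session. The token check this commit introduces lives only inside `na_feed` and `na_text`. If the Rails version in use supports filter conditions, `before_filter :login_required, :except => [ :na_feed, :na_text ]` keeps the remaining actions protected. Otherwise leave a comment at this spot saying that each action must perform its own check.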
@@ -14,21 +13,39 @@ class FeedController < ApplicationController
 # and the item context as the description
 #
 def na_feed
- @not_done = Todo.find_all( "done=0", "created DESC" )
- @headers["Content-Type"] = "text/xml; charset=utf-8"
+ # Check whether the token in the URL matches the word in the User's table
+ # Render the RSS feed if it is, or show an error message if not
+ @token = @params['token']
+ @user_name = @params['name']
+ @current_user = User.find_by_login(@user_name)
+ if (@token == @current_user.word && @user_name == @current_user.login)
+ @not_done = Todo.find_all( "done=0", "created DESC" )
+ @headers["Content-Type"] = "text/xml; charset=utf-8"
+ else
+ render_text "Sorry, you don't have permission to view this page."
+ end
 end
 # Builds a plain text page listing all the next actions,
- # sorted by context. Showing notes doesn' make much sense here
+ # sorted by context. Showing notes doesn't make much sense here
 # so they are omitted. You can use this with GeekTool to get your next actions
 # on the desktop:
- # curl http://url_for_the_app/feed/na_text
+ # curl [url from "TXT" link on todo/list]
 #
 def na_text
- @places = Context.find_all
- @projects = Project.find_all
- @not_done = Todo.find_all( "done=0", "context_id ASC" )
- @headers["Content-Type"] = "text/plain; charset=utf-8"
+ # Check whether the token in the URL matches the word in the User's table
+ # Render the text file if it is, or show an error message if not
+ @token = @params['token']
+ @user_name = @params['name']
+ @current_user = User.find_by_login(@user_name)
+ if (@token == @current_user.word && @user_name == @current_user.login)
+ @places = Context.find_all
+ @projects = Project.find_all
+ @not_done = Todo.find_all( "done=0", "context_id ASC" )
+ @headers["Content-Type"] = "text/plain; charset=utf-8"
+ else
+ render_text "Sorry, you don't have permission to view this page."
+ end
 end
 end
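Review bot: In both `na_feed` and `na_text`, `User.find_by_login(@user_name)` returns nil for an unknown or missing `name`, so `@current_user.word` raises instead of rendering the refusal, and the differing response tells an unauthenticated caller which login names exist. The comparison also succeeds when `@params['token']` and the stored `word` are both nil or both empty, which would admit a request with no token if any user row lacks a `word`. The same check is pasted into both actions; moving it into one private helper that rejects a nil user and an empty `word` first gives a single place to audit. The refusal goes out with the default success status, so pass a 403 if `render_text` in this Rails version accepts a status argument. The queries that run after the check are still not scoped to `@current_user`, which matters if the installation has more than one user.

```ruby
def na_feed
  return unless feed_token_valid?
  # … unchanged: @not_done query and Content-Type header …
end

# … unchanged: na_text comment block; na_text opens with the same guard …

private

# Looks up the user named in the URL and compares the supplied token with
# that user's word. Renders the refusal and returns false on any mismatch,
# including an unknown login or an empty stored word.
def feed_token_valid?
  name  = @params['name']
  token = @params['token']
  user  = User.find_by_login(name)
  if user && !user.word.to_s.empty? && token == user.word && name == user.login
    @current_user = user
    true
  else
    render_text "Sorry, you don't have permission to view this page."
    false
  end
end
```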
diff --git a/tracks/app/controllers/todo_controller.rb b/tracks/app/controllers/todo_controller.rb
index 4c017f98..fbf6df13 100644
--- a/tracks/app/controllers/todo_controller.rb
+++ b/tracks/app/controllers/todo_controller.rb
@@ -19,12 +19,7 @@ class TodoController < ApplicationController
 @done = Todo.find_all_by_done( 1, "completed DESC", 5 )
 # Set count badge to number of not-done, not hidden context items
- count = 0
- sub = 0
- @hidden_places.each do |h|
- sub = Todo.find_all("done=0 AND context_id=#{h.id}").length + sub
- end
- @count = Todo.find_all("done=0").length - sub
+ @count = count_shown_items(@hidden_places)
 end
diff --git a/tracks/app/views/layouts/standard.rhtml b/tracks/app/views/layouts/standard.rhtml
index 246fe382..8198de27 100644
--- a/tracks/app/views/layouts/standard.rhtml
+++ b/tracks/app/views/layouts/standard.rhtml
@@ -23,10 +23,10 @@
  • <%= link_to( "Completed", :controller => "todo", :action => "completed" ) %>
  • Show
  • Hide
  • -
  • <%= link_to "RSS", { :controller => "feed", :action => "na_feed" }, :title => "Subscribe to RSS feed of next actions" %>
  • -
  • <%= link_to "TXT", { :controller => "feed", :action => "na_text" }, :title => "View a plain text list of next actions" %>
  • +
  • <%= link_to ("RSS", {:controller => "feed", :action => "na_feed", :params => {"name", "#{@session['user']['login']}", "token", "#{@session['user']['word']}"}}, :title => "Subscribe to an RSS feed of your next actions" ) %>
  • +
  • <%= link_to ("TXT", {:controller => "feed", :action => "na_text", :params => {"name", "#{@session['user']['login']}", "token", "#{@session['user']['word']}"}}, :title => "View a plain text feed of your next actions" ) %>
  • <%= link_to "Logout »", :controller => "login", :action=>"logout"%>
  • diff --git a/tracks/doc/CHANGENOTES.txt b/tracks/doc/CHANGENOTES.txt index 4e34c547..a40b896e 100644 --- a/tracks/doc/CHANGENOTES.txt +++ b/tracks/doc/CHANGENOTES.txt @@ -29,6 +29,7 @@ or whatever the full URL is. This should help people who put Tracks in a subdire but ONLY if you're using the development environment; with production it's fine, and with the gem version of Redcloth it's fine in both environments. 13. Modified the 'count' badge on todo/list: now shows the number of uncompleted items in contexts that *aren't* hidden (i.e. the actions actually listed on todo/list). Number of items in hidden contexts are shown in parentheses after the link to that context. So you don't forget about that stuff ;-) +14. Protected RSS and text feeds at last! The appropriate URLs can be copied from the RSS and TXT links in the navigation bar. The URL includes the login name of the current user, and an MD5 encoded string of the 'word' field of the users table. This is checked against users to make sure it's valid; if it is, the feed is displayed, if not, you get an error message. ## Version 1.01
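Review bot: Both new links in standard.rhtml place the user's `word` value in the URL query string (`"token", "#{@session['user']['word']}"`), so the feed credential ends up in web-server access logs, browser history and any feed reader or proxy that stores the URL. Nothing in this commit shows a way to rotate `word`, so a leaked URL appears to stay valid indefinitely; a separate random per-user feed token that can be regenerated, served only over HTTPS, would limit that exposure. On style, `link_to ("RSS", ...` has a space before the parenthesis and the comma-separated `{"name", "...", "token", "..."}` hash form is deprecated. The interpolation is also unnecessary: `:params => { "name" => @session['user']['login'], "token" => @session['user']['word'] }` says the same thing.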