Protected RSS and text feeds at last! The appropriate URLs can be copied from the RSS and TXT links in the navigation bar. The URL includes the login name of the current user, and an MD5 encoded string of the 'word' field of the users table. This is checked against users to make sure it's valid; if it is, the feed is displayed, if not, you get an error message.

I still need to link up the signup page so that users can enter a string as a 'word' to be encoded.


git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@30 a4c988fc-2ded-0310-b66e-134b36920a42

tracks/app/controllers/application.rb

@@ -13,5 +13,14 @@ class ApplicationController < ActionController::Base
     
   helper :application
   include LoginSystem
+  
+  def count_shown_items(hidden)
+		count = 0
+	  sub = 0
+	  hidden.each do |h|
+	    sub = Todo.find_all("done=0 AND context_id=#{h.id}").length + sub
+	  end
+	  total = Todo.find_all("done=0").length - sub
+  end
 	
 end

tracks/app/controllers/feed_controller.rb

@@ -4,7 +4,6 @@ class FeedController < ApplicationController
   
   helper :feed
   model :todo, :context, :project
-  before_filter :login_required
   
   def index
   end
@@ -14,21 +13,39 @@ class FeedController < ApplicationController
   # and the item context as the description
   #
   def na_feed
-		@not_done = Todo.find_all( "done=0", "created DESC" )
-    @headers["Content-Type"] = "text/xml; charset=utf-8"
+    # Check whether the token in the URL matches the word in the User's table
+    # Render the RSS feed if it is, or show an error message if not
+    @token = @params['token']
+    @user_name = @params['name']
+    @current_user = User.find_by_login(@user_name)
+    if (@token == @current_user.word && @user_name == @current_user.login)
+  		@not_done = Todo.find_all( "done=0", "created DESC" )
+      @headers["Content-Type"] = "text/xml; charset=utf-8"
+    else
+      render_text "Sorry, you don't have permission to view this page."
+    end
   end
   
   # Builds a plain text page listing all the next actions,
-  # sorted by context. Showing notes doesn' make much sense here
+  # sorted by context. Showing notes doesn't make much sense here
   # so they are omitted. You can use this with GeekTool to get your next actions
   # on the desktop:
-  # curl http://url_for_the_app/feed/na_text
+  # curl [url from "TXT" link on todo/list]
   #
   def na_text
-    @places = Context.find_all
-    @projects = Project.find_all
-    @not_done = Todo.find_all( "done=0", "context_id ASC" )
-    @headers["Content-Type"] = "text/plain; charset=utf-8"
+    # Check whether the token in the URL matches the word in the User's table
+    # Render the text file if it is, or show an error message if not
+    @token = @params['token']
+    @user_name = @params['name']
+    @current_user = User.find_by_login(@user_name)
+    if (@token == @current_user.word && @user_name == @current_user.login)
+      @places = Context.find_all
+      @projects = Project.find_all
+      @not_done = Todo.find_all( "done=0", "context_id ASC" )
+      @headers["Content-Type"] = "text/plain; charset=utf-8"
+    else
+      render_text "Sorry, you don't have permission to view this page."
+    end
   end
   
 end

tracks/app/controllers/todo_controller.rb

@@ -19,12 +19,7 @@ class TodoController < ApplicationController
 		@done = Todo.find_all_by_done( 1, "completed DESC", 5 )
 		
 		# Set count badge to number of not-done, not hidden context items
-		count = 0
-	  sub = 0
-	  @hidden_places.each do |h|
-	    sub = Todo.find_all("done=0 AND context_id=#{h.id}").length + sub
-	  end
-	  @count = Todo.find_all("done=0").length - sub
+		@count = count_shown_items(@hidden_places)
 	end