Protected RSS and text feeds at last! The appropriate URLs can be copied from the RSS and TXT links in the navigation bar. The URL includes the login name of the current user, and an MD5 encoded string of the 'word' field of the users table. This is checked against users to make sure it's valid; if it is, the feed is displayed, if not, you get an error message.

I still need to link up the signup page so that users can enter a string as a 'word' to be encoded. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@30 a4c988fc-2ded-0310-b66e-134b36920a42
2025-12-16 15:20:13 +01:00 · 2005-02-25 19:04:16 +00:00 · 2005-02-25 19:04:16 +00:00 · bc9f91c32d
commit bc9f91c32d
parent 14334563ee
5 changed files with 41 additions and 19 deletions
--- a/tracks/app/controllers/application.rb
+++ b/tracks/app/controllers/application.rb
@ -14,4 +14,13 @@ class ApplicationController < ActionController::Base
  helper :application
  include LoginSystem
  
+  def count_shown_items(hidden)
+		count = 0
+	  sub = 0
+	  hidden.each do |h|
+	    sub = Todo.find_all("done=0 AND context_id=#{h.id}").length + sub
+	  end
+	  total = Todo.find_all("done=0").length - sub
+  end
+	
 end
--- a/tracks/app/controllers/feed_controller.rb
+++ b/tracks/app/controllers/feed_controller.rb
@ -4,7 +4,6 @@ class FeedController < ApplicationController
  
  helper :feed
  model :todo, :context, :project
-  before_filter :login_required
  
  def index
  end
@ -14,21 +13,39 @@ class FeedController < ApplicationController
  # and the item context as the description
  #
  def na_feed
+    # Check whether the token in the URL matches the word in the User's table
+    # Render the RSS feed if it is, or show an error message if not
+    @token = @params['token']
+    @user_name = @params['name']
+    @current_user = User.find_by_login(@user_name)
+    if (@token == @current_user.word && @user_name == @current_user.login)
  		@not_done = Todo.find_all( "done=0", "created DESC" )
      @headers["Content-Type"] = "text/xml; charset=utf-8"
+    else
+      render_text "Sorry, you don't have permission to view this page."
+    end
  end
  
  # Builds a plain text page listing all the next actions,
-  # sorted by context. Showing notes doesn' make much sense here
+  # sorted by context. Showing notes doesn't make much sense here
  # so they are omitted. You can use this with GeekTool to get your next actions
  # on the desktop:
-  # curl http://url_for_the_app/feed/na_text
+  # curl [url from "TXT" link on todo/list]
  #
  def na_text
+    # Check whether the token in the URL matches the word in the User's table
+    # Render the text file if it is, or show an error message if not
+    @token = @params['token']
+    @user_name = @params['name']
+    @current_user = User.find_by_login(@user_name)
+    if (@token == @current_user.word && @user_name == @current_user.login)
      @places = Context.find_all
      @projects = Project.find_all
      @not_done = Todo.find_all( "done=0", "context_id ASC" )
      @headers["Content-Type"] = "text/plain; charset=utf-8"
+    else
+      render_text "Sorry, you don't have permission to view this page."
+    end
  end
  
 end
--- a/tracks/app/controllers/todo_controller.rb
+++ b/tracks/app/controllers/todo_controller.rb
@ -19,12 +19,7 @@ class TodoController < ApplicationController
 		@done = Todo.find_all_by_done( 1, "completed DESC", 5 )
 		
 		# Set count badge to number of not-done, not hidden context items
-		count = 0
-	  sub = 0
-	  @hidden_places.each do |h|
-	    sub = Todo.find_all("done=0 AND context_id=#{h.id}").length + sub
-	  end
-	  @count = Todo.find_all("done=0").length - sub
+		@count = count_shown_items(@hidden_places)
 	end


--- a/tracks/app/views/layouts/standard.rhtml
+++ b/tracks/app/views/layouts/standard.rhtml
@ -23,10 +23,10 @@
 	<li><%= link_to( "Completed", :controller => "todo", :action => "completed" ) %></li>
 	<li><a href="javascript:toggleAll('notes','block')" title="Show all notes">Show</a></li>
 	<li><a href="javascript:toggleAll('notes','none')" title="Show all notes">Hide</a></li>
-	<li><%= link_to "<span style=\"font-family: verdana, sans-serif; font-size: 10px; font-weight:bold; text-decoration:none; color: white; background-color: #F60; border:1px solid;
-border-color: #FC9 #630 #330 #F96; padding:0px 3px 0px 3px; margin:0px;\">RSS</span>", { :controller => "feed", :action => "na_feed" }, :title => "Subscribe to RSS feed of next actions" %></li>
-  <li><%= link_to "<span style=\"font-family: verdana, sans-serif; font-size: 10px; font-weight:bold; text-decoration:none; color: white; background-color: #F60; border:1px solid;
-border-color: #FC9 #630 #330 #F96; padding:0px 3px 0px 3px; margin:0px;\">TXT</span>", { :controller => "feed", :action => "na_text" }, :title => "View a plain text list of next actions" %></li>
+	<li><%= link_to ("<span style=\"font-family: verdana, sans-serif; font-size: 10px; font-weight:bold; text-decoration:none; color: white; background-color: #F60; border:1px solid;
+border-color: #FC9 #630 #330 #F96; padding:0px 3px 0px 3px; margin:0px;\">RSS</span>", {:controller => "feed", :action => "na_feed", :params => {"name", "#{@session['user']['login']}", "token", "#{@session['user']['word']}"}}, :title => "Subscribe to an RSS feed of your next actions" ) %></li>
+  <li><%= link_to ("<span style=\"font-family: verdana, sans-serif; font-size: 10px; font-weight:bold; text-decoration:none; color: white; background-color: #F60; border:1px solid;
+border-color: #FC9 #630 #330 #F96; padding:0px 3px 0px 3px; margin:0px;\">TXT</span>", {:controller => "feed", :action => "na_text", :params => {"name", "#{@session['user']['login']}", "token", "#{@session['user']['word']}"}}, :title => "View a plain text feed of your next actions" ) %></li>
 	<li><%= link_to "Logout &#187;", :controller => "login", :action=>"logout"%></li>
 </ul>
 </div>
--- a/tracks/doc/CHANGENOTES.txt
+++ b/tracks/doc/CHANGENOTES.txt
@ -29,6 +29,7 @@ or whatever the full URL is. This should help people who put Tracks in a subdire

 but ONLY if you're using the development environment; with production it's fine, and with the gem version of Redcloth it's fine in both environments.
 13. Modified the 'count' badge on todo/list: now shows the number of uncompleted items in contexts that *aren't* hidden (i.e. the actions actually listed on todo/list). Number of items in hidden contexts are shown in parentheses after the link to that context. So you don't forget about that stuff ;-)
+14. Protected RSS and text feeds at last! The appropriate URLs can be copied from the RSS and TXT links in the navigation bar. The URL includes the login name of the current user, and an MD5 encoded string of the 'word' field of the users table. This is checked against users to make sure it's valid; if it is, the feed is displayed, if not, you get an error message.

 ## Version 1.01