class ChangesetsController < ApiController
require "xml/libxml"
+ before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe]
+ before_action :check_api_readable, :except => [:create, :update, :upload, :download, :query, :subscribe, :unsubscribe]
before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
authorize_resource
before_action :require_public_data, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
- before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe]
- before_action :check_api_readable, :except => [:create, :update, :upload, :download, :query, :subscribe, :unsubscribe]
before_action :set_request_formats, :except => [:create, :close, :upload]
around_action :api_call_handle_error
# Helper methods for checking consistency
include ConsistencyValidations
+ DEFAULT_QUERY_LIMIT = 100
+ MAX_QUERY_LIMIT = 100
+
+ ##
+ # Return XML giving the basic info about the changeset. Does not
+ # return anything about the nodes, ways and relations in the changeset.
+ def show
+ @changeset = Changeset.find(params[:id])
+ @include_discussion = params[:include_discussion].presence
+ render "changeset"
+
+ respond_to do |format|
+ format.xml
+ format.json
+ end
+ end
+
# Create a changeset from XML.
def create
assert_method :put
render :plain => cs.id.to_s
end
- ##
- # Return XML giving the basic info about the changeset. Does not
- # return anything about the nodes, ways and relations in the changeset.
- def show
- @changeset = Changeset.find(params[:id])
- @include_discussion = params[:include_discussion].presence
- render "changeset"
-
- respond_to do |format|
- format.xml
- format.json
- end
- end
-
##
# marks a changeset as closed. this may be called multiple times
# on the same changeset, so is idempotent.
changesets = conditions_ids(changesets, params["changesets"])
# sort and limit the changesets
- changesets = changesets.order("created_at DESC").limit(100)
+ changesets = changesets.order("created_at DESC").limit(result_limit)
# preload users, tags and comments, and render result
@changesets = changesets.preload(:user, :changeset_tags, :comments)
changesets.where(:id => ids)
end
end
+
+ ##
+ # Get the maximum number of results to return
+ def result_limit
+ if params[:limit]
+ if params[:limit].to_i.positive? && params[:limit].to_i <= MAX_QUERY_LIMIT
+ params[:limit].to_i
+ else
+ raise OSM::APIBadUserInput, "Changeset limit must be between 1 and #{MAX_QUERY_LIMIT}"
+ end
+ else
+ DEFAULT_QUERY_LIMIT
+ end
+ end
end
end