skip_before_action :verify_authenticity_token
before_action :check_api_writable
+ # AMF Controller implements its own authentication and authorization checks
+ # completely independently of the rest of the codebase, so best just to let
+ # it keep doing its own thing.
+ skip_authorization_check
+
# Main AMF handlers: process the raw AMF string (using AMF library) and
# calls each action (private method) accordingly.
user = getuser(usertoken)
return -1, "You are not logged in, so Potlatch can't write any changes to the database." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
- return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil?
+ return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil?
if cstags
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(cstags)
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
query = Trace.visible_to(user)
- query = if searchterm.to_i > 0
+ query = if searchterm.to_i.positive?
query.where(:id => searchterm.to_i)
else
query.where("MATCH(name) AGAINST (?)", searchterm).limit(21)
def findrelations(searchterm)
rels = []
- if searchterm.to_i > 0
+ if searchterm.to_i.positive?
rel = Relation.where(:id => searchterm.to_i).first
rels.push([rel.id, rel.tags, rel.members, rel.version]) if rel&.visible
else
return -1, "You are not logged in, so the relation could not be saved." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
- return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil?
+ return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil?
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(tags)
relation = nil
Relation.transaction do
# create a new relation, or find the existing one
- relation = Relation.find(relid) if relid > 0
+ relation = Relation.find(relid) if relid.positive?
# We always need a new node, based on the data that has been sent to us
new_relation = Relation.new
typedmembers = []
members.each do |m|
mid = m[1].to_i
- if mid < 0
+ if mid.negative?
mid = renumberednodes[mid] if m[0] == "Node"
mid = renumberedways[mid] if m[0] == "Way"
end
user = getuser(usertoken)
return -1, "You are not logged in, so the way could not be saved." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
- return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil?
+ return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil?
return -2, "Server error - way is only #{pointlist.length} points long." if pointlist.length < 2
user = getuser(usertoken)
return -1, "You are not logged in, so the point could not be saved." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
- return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil?
+ return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil?
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(tags)
node = nil
new_node = nil
Node.transaction do
- if id > 0
+ if id.positive?
begin
node = Node.find(id)
rescue ActiveRecord::RecordNotFound
user = getuser(usertoken)
return -1, "You are not logged in, so the way could not be deleted." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
- return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil?
+ return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil?
way_id = way_id.to_i
nodeversions = {}