]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/changesets_controller.rb
Remove authorize_web call from traces api controller
[rails.git] / app / controllers / changesets_controller.rb
index fff9f543bf7f7dc3e95d0c49fa6f77e6267db466..fef4d85eb51273596dfe81ccfc0cad88ba81c19f 100644 (file)
@@ -1,13 +1,14 @@
 # The ChangesetController is the RESTful interface to Changeset objects
 
 class ChangesetsController < ApplicationController
+  include UserMethods
+
   layout "site"
   require "xml/libxml"
 
-  skip_before_action :verify_authenticity_token, :except => [:index]
   before_action :authorize_web
   before_action :set_locale
-  before_action(:only => [:index, :feed]) { |c| c.check_database_readable(true) }
+  before_action -> { check_database_readable(:need_api => true) }, :only => [:index, :feed]
 
   authorize_resource
 
@@ -47,21 +48,21 @@ class ChangesetsController < ApplicationController
 
       if @params[:display_name]
         changesets = if user.data_public? || user == current_user
-                       changesets.where(:user_id => user.id)
+                       changesets.where(:user => user)
                      else
                        changesets.where("false")
                      end
       elsif @params[:bbox]
         changesets = conditions_bbox(changesets, BoundingBox.from_bbox_params(params))
       elsif @params[:friends] && current_user
-        changesets = changesets.where(:user_id => current_user.friend_users.identifiable)
+        changesets = changesets.where(:user => current_user.friends.identifiable)
       elsif @params[:nearby] && current_user
-        changesets = changesets.where(:user_id => current_user.nearby)
+        changesets = changesets.where(:user => current_user.nearby)
       end
 
       changesets = changesets.where("changesets.id <= ?", @params[:max_id]) if @params[:max_id]
 
-      @edits = changesets.order("changesets.id DESC").limit(20).preload(:user, :changeset_tags, :comments)
+      @changesets = changesets.order("changesets.id DESC").limit(20).preload(:user, :changeset_tags, :comments)
 
       render :action => :index, :layout => false
     end