skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :delete]
- before_action :require_allow_write_api, :only => [:create, :update, :delete]
+ before_action :api_deny_access_handler
+
+ authorize_resource
+
before_action :require_public_data, :only => [:create, :update, :delete]
before_action :check_api_writable, :only => [:create, :update, :delete]
before_action :check_api_readable, :except => [:create, :update, :delete]
end
# Dump the details on a node given in params[:id]
- def read
+ def show
node = Node.find(params[:id])
response.last_modified = node.timestamp
end
# Dump the details on many nodes whose ids are given in the "nodes" parameter.
- def nodes
+ def index
raise OSM::APIBadUserInput, "The parameter nodes is required, and must be of the form nodes=id[,id[,id...]]" unless params["nodes"]
ids = params["nodes"].split(",").collect(&:to_i)