+# The NodeController is the RESTful interface to Node objects
+
class NodeController < ApplicationController
- require 'xml/libxml'
+ require "xml/libxml"
- before_filter :authorize
+ skip_before_action :verify_authenticity_token
+ before_action :authorize, :only => [:create, :update, :delete]
+ before_action :require_allow_write_api, :only => [:create, :update, :delete]
+ before_action :require_public_data, :only => [:create, :update, :delete]
+ before_action :check_api_writable, :only => [:create, :update, :delete]
+ before_action :check_api_readable, :except => [:create, :update, :delete]
+ around_action :api_call_handle_error, :api_call_timeout
+ # Create a node from XML.
def create
- if request.put?
- node = Node.from_xml(request.raw_post, true)
-
- if node
- node.user_id = @user.id
- if node.save_with_history
-
- render :text => node.id
- else
- render :text => 'truesrgtsrtfgsar', :status => 500
-# render :nothing => true, :status => 500
- end
- return
-
- else
- render :nothing => true, :status => 400 # if we got here the doc didnt parse
- return
- end
- end
+ assert_method :put
+
+ node = Node.from_xml(request.raw_post, true)
- render :text => 'FFFFFFFFFF ', :status => 500
-# render :nothing => true, :status => 500 # something went very wrong
+ # Assume that Node.from_xml has thrown an exception if there is an error parsing the xml
+ node.create_with_history current_user
+ render :plain => node.id.to_s
end
- def rest
- unless Node.exists?(params[:id])
- render :nothing => true, :status => 400
- return
+ # Dump the details on a node given in params[:id]
+ def read
+ node = Node.find(params[:id])
+
+ response.last_modified = node.timestamp
+
+ if node.visible
+ render :xml => node.to_xml.to_s
+ else
+ head :gone
end
+ end
+ # Update a node from given XML
+ def update
node = Node.find(params[:id])
+ new_node = Node.from_xml(request.raw_post)
- case request.method
+ raise OSM::APIBadUserInput, "The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})" unless new_node && new_node.id == node.id
- when :get
- render :text => node.to_xml.to_s
- return
+ node.update_from(new_node, current_user)
+ render :plain => node.version.to_s
+ end
- when :delete
+ # Delete a node. Doesn't actually delete it, but retains its history
+ # in a wiki-like way. We therefore treat it like an update, so the delete
+ # method returns the new version number.
+ def delete
+ node = Node.find(params[:id])
+ new_node = Node.from_xml(request.raw_post)
- if node.visible
- node.visible = 0
+ raise OSM::APIBadUserInput, "The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})" unless new_node && new_node.id == node.id
- node.save_with_history
+ node.delete_with_history!(new_node, current_user)
+ render :plain => node.version.to_s
+ end
- render :nothing => true
- else
- render :nothing => true, :status => 410
- end
+ # Dump the details on many nodes whose ids are given in the "nodes" parameter.
+ def nodes
+ raise OSM::APIBadUserInput, "The parameter nodes is required, and must be of the form nodes=id[,id[,id...]]" unless params["nodes"]
- when :put
+ ids = params["nodes"].split(",").collect(&:to_i)
- new_node = Node.from_xml(request.raw_post)
+ raise OSM::APIBadUserInput, "No nodes were given to search for" if ids.empty?
- new_node.timestamp = Time.now
- new_node.user_id = @user.id
+ doc = OSM::API.new.get_xml_doc
- if node.id == new_node.id and new_node.save_with_history
- render :text => node.id
- else
- render :nothing => true, :status => 500
- end
- return
+ Node.find(ids).each do |node|
+ doc.root << node.to_xml_node
end
+ render :xml => doc.to_s
end
-
-
end