+ # AMF Controller implements its own authentication and authorization checks
+ # completely independently of the rest of the codebase, so best just to let
+ # it keep doing its own thing.
+ skip_authorization_check
+
# Main AMF handlers: process the raw AMF string (using AMF library) and
# calls each action (private method) accordingly.
# Main AMF handlers: process the raw AMF string (using AMF library) and
# calls each action (private method) accordingly.
def amf_handle_error(call, rootobj, rootid)
yield
rescue OSM::APIAlreadyDeletedError => ex
def amf_handle_error(call, rootobj, rootid)
yield
rescue OSM::APIAlreadyDeletedError => ex
- return [-3, [rootobj, rootid], [ex.type.downcase, ex.id, ex.latest]]
+ [-3, [rootobj, rootid], [ex.type.downcase, ex.id, ex.latest]]
user = getuser(usertoken)
return -1, "You are not logged in, so Potlatch can't write any changes to the database." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
user = getuser(usertoken)
return -1, "You are not logged in, so Potlatch can't write any changes to the database." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
# Return presets (default tags, localisation etc.):
# uses POTLATCH_PRESETS global, set up in OSM::Potlatch.
# Return presets (default tags, localisation etc.):
# uses POTLATCH_PRESETS global, set up in OSM::Potlatch.
# nodes in the bbox, nodes are any visible nodes in the bbox but not
# used in any way, rel is any relation which refers to either a way
# or node that we're returning.
# nodes in the bbox, nodes are any visible nodes in the bbox but not
# used in any way, rel is any relation which refers to either a way
# or node that we're returning.
- def whichways(xmin, ymin, xmax, ymax) #:doc:
+ def whichways(xmin, ymin, xmax, ymax)
amf_handle_error_with_timeout("'whichways'", nil, nil) do
enlarge = [(xmax - xmin) / 8, 0.01].min
xmin -= enlarge
amf_handle_error_with_timeout("'whichways'", nil, nil) do
enlarge = [(xmax - xmin) / 8, 0.01].min
xmin -= enlarge
# Find deleted ways in current bounding box (similar to whichways, but ways
# with a deleted node only - not POIs or relations).
# Find deleted ways in current bounding box (similar to whichways, but ways
# with a deleted node only - not POIs or relations).
- def whichways_deleted(xmin, ymin, xmax, ymax) #:doc:
+ def whichways_deleted(xmin, ymin, xmax, ymax)
amf_handle_error_with_timeout("'whichways_deleted'", nil, nil) do
enlarge = [(xmax - xmin) / 8, 0.01].min
xmin -= enlarge
amf_handle_error_with_timeout("'whichways_deleted'", nil, nil) do
enlarge = [(xmax - xmin) / 8, 0.01].min
xmin -= enlarge
# Get a way including nodes and tags.
# Returns the way id, a Potlatch-style array of points, a hash of tags, the version number, and the user ID.
# Get a way including nodes and tags.
# Returns the way id, a Potlatch-style array of points, a hash of tags, the version number, and the user ID.
amf_handle_error_with_timeout("'getway' #{wayid}", "way", wayid) do
if POTLATCH_USE_SQL
points = sql_get_nodes_in_way(wayid)
amf_handle_error_with_timeout("'getway' #{wayid}", "way", wayid) do
if POTLATCH_USE_SQL
points = sql_get_nodes_in_way(wayid)
amf_handle_error_with_timeout("'getway_old' #{id}, #{timestamp}", "way", id) do
if timestamp == ""
# undelete
amf_handle_error_with_timeout("'getway_old' #{id}, #{timestamp}", "way", id) do
if timestamp == ""
# undelete
old_way = OldWay.where("way_id = ? AND timestamp <= ?", id, timestamp).unredacted.order("timestamp DESC").first
unless old_way.nil?
if old_way.visible
old_way = OldWay.where("way_id = ? AND timestamp <= ?", id, timestamp).unredacted.order("timestamp DESC").first
unless old_way.nil?
if old_way.visible
history = Node.find(nodeid).old_nodes.unredacted.reverse.collect do |old_node|
[(old_node.timestamp + 1).strftime("%d %b %Y, %H:%M:%S")] + change_user(old_node)
end
history = Node.find(nodeid).old_nodes.unredacted.reverse.collect do |old_node|
[(old_node.timestamp + 1).strftime("%d %b %Y, %H:%M:%S")] + change_user(old_node)
end
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
query = Trace.visible_to(user)
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
query = Trace.visible_to(user)
query.where(:id => searchterm.to_i)
else
query.where("MATCH(name) AGAINST (?)", searchterm).limit(21)
query.where(:id => searchterm.to_i)
else
query.where("MATCH(name) AGAINST (?)", searchterm).limit(21)
amf_handle_error("'getrelation' #{relid}", "relation", relid) do
rel = Relation.where(:id => relid).first
return [-4, "relation", relid] if rel.nil? || !rel.visible
amf_handle_error("'getrelation' #{relid}", "relation", relid) do
rel = Relation.where(:id => relid).first
return [-4, "relation", relid] if rel.nil? || !rel.visible
[0, "", relid, rel.tags, rel.members, rel.version]
end
end
[0, "", relid, rel.tags, rel.members, rel.version]
end
end
- if rel && rel.visible
- rels.push([rel.id, rel.tags, rel.members, rel.version])
- end
+ rels.push([rel.id, rel.tags, rel.members, rel.version]) if rel&.visible
- if t.relation.visible
- rels.push([t.relation.id, t.relation.tags, t.relation.members, t.relation.version])
- end
+ rels.push([t.relation.id, t.relation.tags, t.relation.members, t.relation.version]) if t.relation.visible
- def putrelation(renumberednodes, renumberedways, usertoken, changeset_id, version, relid, tags, members, visible) #:doc:
+ def putrelation(renumberednodes, renumberedways, usertoken, changeset_id, version, relid, tags, members, visible)
amf_handle_error("'putrelation' #{relid}", "relation", relid) do
user = getuser(usertoken)
return -1, "You are not logged in, so the relation could not be saved." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
amf_handle_error("'putrelation' #{relid}", "relation", relid) do
user = getuser(usertoken)
return -1, "You are not logged in, so the relation could not be saved." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
# We always need a new node, based on the data that has been sent to us
new_relation = Relation.new
# We always need a new node, based on the data that has been sent to us
new_relation = Relation.new
- if mid
- typedmembers << [m[0], mid, m[2].delete("\000-\037\ufffe\uffff", "^\011\012\015")]
- end
+ typedmembers << [m[0], mid, m[2].delete("\000-\037\ufffe\uffff", "^\011\012\015")] if mid
if relid <= 0
return [0, "", relid, new_relation.id, new_relation.version]
if relid <= 0
return [0, "", relid, new_relation.id, new_relation.version]
# 6. hash of changed node versions (node=>version)
# 7. hash of deleted node versions (node=>version)
# 6. hash of changed node versions (node=>version)
# 7. hash of deleted node versions (node=>version)
- def putway(renumberednodes, usertoken, changeset_id, wayversion, originalway, pointlist, attributes, nodes, deletednodes) #:doc:
+ def putway(renumberednodes, usertoken, changeset_id, wayversion, originalway, pointlist, attributes, nodes, deletednodes)
amf_handle_error("'putway' #{originalway}", "way", originalway) do
# -- Initialise
user = getuser(usertoken)
return -1, "You are not logged in, so the way could not be saved." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
amf_handle_error("'putway' #{originalway}", "way", originalway) do
# -- Initialise
user = getuser(usertoken)
return -1, "You are not logged in, so the way could not be saved." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
return -2, "Server error - way is only #{pointlist.length} points long." if pointlist.length < 2
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(attributes)
return -2, "Server error - way is only #{pointlist.length} points long." if pointlist.length < 2
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(attributes)
# fixup node tags in a way as well
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(node.tags)
# fixup node tags in a way as well
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(node.tags)
[0, "", originalway, way.id, renumberednodes, way.version, nodeversions, deletednodes]
end
[0, "", originalway, way.id, renumberednodes, way.version, nodeversions, deletednodes]
end
- def putpoi(usertoken, changeset_id, version, id, lon, lat, tags, visible) #:doc:
+ def putpoi(usertoken, changeset_id, version, id, lon, lat, tags, visible)
amf_handle_error("'putpoi' #{id}", "node", id) do
user = getuser(usertoken)
return -1, "You are not logged in, so the point could not be saved." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
amf_handle_error("'putpoi' #{id}", "node", id) do
user = getuser(usertoken)
return -1, "You are not logged in, so the point could not be saved." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
- unless visible || node.ways.empty?
- return -1, "Point #{id} has since become part of a way, so you cannot save it as a POI.", id, id, version
- end
+ return -1, "Point #{id} has since become part of a way, so you cannot save it as a POI.", id, id, version unless visible || node.ways.empty?
if id <= 0
return [0, "", id, new_node.id, new_node.version]
if id <= 0
return [0, "", id, new_node.id, new_node.version]
#
# Returns array of id, long, lat, hash of tags, (current) version.
#
# Returns array of id, long, lat, hash of tags, (current) version.
amf_handle_error("'getpoi' #{id}", "node", id) do
id = id.to_i
n = Node.where(:id => id).first
if n
v = n.version
amf_handle_error("'getpoi' #{id}", "node", id) do
id = id.to_i
n = Node.where(:id => id).first
if n
v = n.version
- unless timestamp == ""
- n = OldNode.where("node_id = ? AND timestamp <= ?", id, timestamp).unredacted.order("timestamp DESC").first
- end
+ n = OldNode.where("node_id = ? AND timestamp <= ?", id, timestamp).unredacted.order("timestamp DESC").first unless timestamp == ""
# of the nodes have been changed by someone else then, there is a problem!
# Returns 0 (success), unchanged way id, new way version, new node versions.
# of the nodes have been changed by someone else then, there is a problem!
# Returns 0 (success), unchanged way id, new way version, new node versions.
- def deleteway(usertoken, changeset_id, way_id, way_version, deletednodes) #:doc:
+ def deleteway(usertoken, changeset_id, way_id, way_version, deletednodes)
amf_handle_error("'deleteway' #{way_id}", "way", way_id) do
user = getuser(usertoken)
return -1, "You are not logged in, so the way could not be deleted." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
amf_handle_error("'deleteway' #{way_id}", "way", way_id) do
user = getuser(usertoken)
return -1, "You are not logged in, so the way could not be deleted." unless user
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
[0, "", way_id, old_way.version, nodeversions]
end
end
[0, "", way_id, old_way.version, nodeversions]
end
end
# When we are writing to the api, we need the actual user model,
# not just the id, hence this abstraction
# When we are writing to the api, we need the actual user model,
# not just the id, hence this abstraction
if token =~ /^(.+)\:(.+)$/
User.authenticate(:username => Regexp.last_match(1), :password => Regexp.last_match(2))
else
if token =~ /^(.+)\:(.+)$/
User.authenticate(:username => Regexp.last_match(1), :password => Regexp.last_match(2))
else
- @locales ||= Locale.list(Dir.glob(Rails.root.join("config", "potlatch", "locales", "*")).collect { |f| File.basename(f, ".yml") })
+ @getlocales ||= Locale.list(Dir.glob(Rails.root.join("config", "potlatch", "locales", "*")).collect { |f| File.basename(f, ".yml") })
- unless tags.nil?
- tags.each do |k, v|
- new_k = k.delete "\000-\037\ufffe\uffff", "^\011\012\015"
- new_v = v.delete "\000-\037\ufffe\uffff", "^\011\012\015"
- new_tags[new_k] = new_v
- end
+ tags&.each do |k, v|
+ new_k = k.delete "\000-\037\ufffe\uffff", "^\011\012\015"
+ new_v = v.delete "\000-\037\ufffe\uffff", "^\011\012\015"
+ new_tags[new_k] = new_v
INNER JOIN current_relation_members crm ON crm.id=cr.id
INNER JOIN current_nodes cn ON crm.member_id=cn.id AND crm.member_type='Node'
WHERE #{OSM.sql_for_area(bbox, 'cn.')}
INNER JOIN current_relation_members crm ON crm.id=cr.id
INNER JOIN current_nodes cn ON crm.member_id=cn.id AND crm.member_type='Node'
WHERE #{OSM.sql_for_area(bbox, 'cn.')}
INNER JOIN current_relation_members crm ON crm.id=cr.id
WHERE crm.member_type='Way'
AND crm.member_id IN (#{way_ids.join(',')})
INNER JOIN current_relation_members crm ON crm.id=cr.id
WHERE crm.member_type='Way'
AND crm.member_id IN (#{way_ids.join(',')})
projects / rails.git / blobdiff