class AmfController < ApplicationController
include Potlatch
- skip_before_filter :verify_authenticity_token
- before_filter :check_api_writable
+ skip_before_action :verify_authenticity_token
+ before_action :check_api_writable
+
+ # AMF Controller implements its own authentication and authorization checks
+ # completely independently of the rest of the codebase, so best just to let
+ # it keep doing its own thing.
+ skip_authorization_check
# Main AMF handlers: process the raw AMF string (using AMF library) and
# calls each action (private method) accordingly.
def amf_read
self.status = :ok
- self.content_type = Mime::AMF
+ self.content_type = Mime[:amf]
self.response_body = Dispatcher.new(request.raw_post) do |message, *args|
logger.info("Executing AMF #{message}(#{args.join(',')})")
err = false # Abort batch on error
self.status = :ok
- self.content_type = Mime::AMF
+ self.content_type = Mime[:amf]
self.response_body = Dispatcher.new(request.raw_post) do |message, *args|
logger.info("Executing AMF #{message}")
orn = renumberednodes.dup
result = putway(renumberednodes, *args)
result[4] = renumberednodes.reject { |k, _v| orn.key?(k) }
- renumberedways[result[2]] = result[3] if result[0] == 0 && result[2] != result[3]
+ renumberedways[result[2]] = result[3] if result[0].zero? && result[2] != result[3]
when "putrelation" then
result = putrelation(renumberednodes, renumberedways, *args)
when "deleteway" then
result = deleteway(*args)
when "putpoi" then
result = putpoi(*args)
- renumberednodes[result[2]] = result[3] if result[0] == 0 && result[2] != result[3]
+ renumberednodes[result[2]] = result[3] if result[0].zero? && result[2] != result[3]
when "startchangeset" then
result = startchangeset(*args)
end
- err = true if result[0] == -3 # If a conflict is detected, don't execute any more writes
+ err = true if result[0] == -3 # If a conflict is detected, don't execute any more writes
end
result
def amf_handle_error(call, rootobj, rootid)
yield
rescue OSM::APIAlreadyDeletedError => ex
- return [-4, ex.object, ex.object_id]
+ [-4, ex.object, ex.object_id]
rescue OSM::APIVersionMismatchError => ex
- return [-3, [rootobj, rootid], [ex.type.downcase, ex.id, ex.latest]]
+ [-3, [rootobj, rootid], [ex.type.downcase, ex.id, ex.latest]]
rescue OSM::APIUserChangesetMismatchError => ex
- return [-2, ex.to_s]
+ [-2, ex.to_s]
rescue OSM::APIBadBoundingBox => ex
- return [-2, "Sorry - I can't get the map for that area. The server said: #{ex}"]
+ [-2, "Sorry - I can't get the map for that area. The server said: #{ex}"]
rescue OSM::APIError => ex
- return [-1, ex.to_s]
+ [-1, ex.to_s]
rescue StandardError => ex
- return [-2, "An unusual error happened (in #{call}). The server said: #{ex}"]
+ [-2, "An unusual error happened (in #{call}). The server said: #{ex}"]
end
def amf_handle_error_with_timeout(call, rootobj, rootid)
if cstags
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(cstags)
+
cstags = strip_non_xml_chars cstags
end
cs = Changeset.find(closeid.to_i)
cs.set_closed_time_now
if cs.user_id != user.id
- fail OSM::APIUserChangesetMismatchError.new
+ raise OSM::APIUserChangesetMismatchError
elsif closecomment.empty?
cs.save!
else
end
# open a new changeset
- if opennew != 0
+ if opennew.nonzero?
cs = Changeset.new
cs.tags = cstags
cs.user_id = user.id
# Return presets (default tags, localisation etc.):
# uses POTLATCH_PRESETS global, set up in OSM::Potlatch.
- def getpresets(usertoken, lang) #:doc:
+ def getpresets(usertoken, _lang)
user = getuser(usertoken)
- if user && !user.languages.empty?
- http_accept_language.user_preferred_languages = user.languages
- end
+ langs = if user && !user.languages.empty?
+ Locale.list(user.languages)
+ else
+ Locale.list(http_accept_language.user_preferred_languages)
+ end
- lang = http_accept_language.compatible_language_from(getlocales)
- (real_lang, localised) = getlocalized(lang)
+ lang = getlocales.preferred(langs)
+ (real_lang, localised) = getlocalized(lang.to_s)
# Tell Potlatch what language it's using
localised["__potlatch_locale"] = real_lang
loaded_lang = "en"
# Load English defaults
- en = YAML.load(File.open("#{Rails.root}/config/potlatch/locales/en.yml"))["en"]
+ en = YAML.safe_load(File.open(Rails.root.join("config", "potlatch", "locales", "en.yml")))["en"]
if lang == "en"
return [loaded_lang, en]
else
# Use English as a fallback
begin
- other = YAML.load(File.open("#{Rails.root}/config/potlatch/locales/#{lang}.yml"))[lang]
+ other = YAML.safe_load(File.open(Rails.root.join("config", "potlatch", "locales", "#{lang}.yml")))[lang]
loaded_lang = lang
- rescue
+ rescue StandardError
other = en
end
# nodes in the bbox, nodes are any visible nodes in the bbox but not
# used in any way, rel is any relation which refers to either a way
# or node that we're returning.
- def whichways(xmin, ymin, xmax, ymax) #:doc:
+ def whichways(xmin, ymin, xmax, ymax)
amf_handle_error_with_timeout("'whichways'", nil, nil) do
enlarge = [(xmax - xmin) / 8, 0.01].min
xmin -= enlarge
# Find deleted ways in current bounding box (similar to whichways, but ways
# with a deleted node only - not POIs or relations).
- def whichways_deleted(xmin, ymin, xmax, ymax) #:doc:
+ def whichways_deleted(xmin, ymin, xmax, ymax)
amf_handle_error_with_timeout("'whichways_deleted'", nil, nil) do
enlarge = [(xmax - xmin) / 8, 0.01].min
xmin -= enlarge
# Get a way including nodes and tags.
# Returns the way id, a Potlatch-style array of points, a hash of tags, the version number, and the user ID.
- def getway(wayid) #:doc:
+ def getway(wayid)
amf_handle_error_with_timeout("'getway' #{wayid}", "way", wayid) do
if POTLATCH_USE_SQL
points = sql_get_nodes_in_way(wayid)
# 4. version,
# 5. is this the current, visible version? (boolean)
- def getway_old(id, timestamp) #:doc:
+ def getway_old(id, timestamp)
amf_handle_error_with_timeout("'getway_old' #{id}, #{timestamp}", "way", id) do
if timestamp == ""
# undelete
else
begin
# revert
- timestamp = DateTime.strptime(timestamp.to_s, "%d %b %Y, %H:%M:%S")
+ timestamp = Time.zone.strptime(timestamp.to_s, "%d %b %Y, %H:%M:%S")
old_way = OldWay.where("way_id = ? AND timestamp <= ?", id, timestamp).unredacted.order("timestamp DESC").first
unless old_way.nil?
- points = old_way.get_nodes_revert(timestamp)
- unless old_way.visible
+ if old_way.visible
+ points = old_way.get_nodes_revert(timestamp)
+ else
return [-1, "Sorry, the way was deleted at that time - please revert to a previous version.", id]
end
end
# sort and collapse list (to within 2 seconds); trim all dates before the
# start date of the way.
- def getway_history(wayid) #:doc:
+ def getway_history(wayid)
revdates = []
revusers = {}
Way.find(wayid).old_ways.unredacted.collect do |a|
revdates.collect! { |d| [(d + 1).strftime("%d %b %Y, %H:%M:%S")] + revusers[d.to_i] }
revdates.uniq!
- return ["way", wayid, revdates]
+ ["way", wayid, revdates]
rescue ActiveRecord::RecordNotFound
- return ["way", wayid, []]
+ ["way", wayid, []]
end
# Find history of a node. Returns 'node', id, and an array of previous versions as above.
- def getnode_history(nodeid) #:doc:
+ def getnode_history(nodeid)
history = Node.find(nodeid).old_nodes.unredacted.reverse.collect do |old_node|
[(old_node.timestamp + 1).strftime("%d %b %Y, %H:%M:%S")] + change_user(old_node)
end
- return ["node", nodeid, history]
+ ["node", nodeid, history]
rescue ActiveRecord::RecordNotFound
- return ["node", nodeid, []]
+ ["node", nodeid, []]
end
def change_user(obj)
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
query = Trace.visible_to(user)
- if searchterm.to_i > 0
- query = query.where(:id => searchterm.to_i)
- else
- query = query.where("MATCH(name) AGAINST (?)", searchterm).limit(21)
- end
+ query = if searchterm.to_i.positive?
+ query.where(:id => searchterm.to_i)
+ else
+ query.where("MATCH(name) AGAINST (?)", searchterm).limit(21)
+ end
gpxs = query.collect do |gpx|
[gpx.id, gpx.name, gpx.description]
end
# 4. list of members,
# 5. version.
- def getrelation(relid) #:doc:
+ def getrelation(relid)
amf_handle_error("'getrelation' #{relid}", "relation", relid) do
rel = Relation.where(:id => relid).first
return [-4, "relation", relid] if rel.nil? || !rel.visible
+
[0, "", relid, rel.tags, rel.members, rel.version]
end
end
def findrelations(searchterm)
rels = []
- if searchterm.to_i > 0
+ if searchterm.to_i.positive?
rel = Relation.where(:id => searchterm.to_i).first
- if rel && rel.visible
- rels.push([rel.id, rel.tags, rel.members, rel.version])
- end
+ rels.push([rel.id, rel.tags, rel.members, rel.version]) if rel&.visible
else
RelationTag.where("v like ?", "%#{searchterm}%").limit(11).each do |t|
- if t.relation.visible
- rels.push([t.relation.id, t.relation.tags, t.relation.members, t.relation.version])
- end
+ rels.push([t.relation.id, t.relation.tags, t.relation.members, t.relation.version]) if t.relation.visible
end
end
rels
# 2. new relation id,
# 3. version.
- def putrelation(renumberednodes, renumberedways, usertoken, changeset_id, version, relid, tags, members, visible) #:doc:
- amf_handle_error("'putrelation' #{relid}", "relation", relid) do
+ def putrelation(renumberednodes, renumberedways, usertoken, changeset_id, version, relid, tags, members, visible)
+ amf_handle_error("'putrelation' #{relid}", "relation", relid) do
user = getuser(usertoken)
return -1, "You are not logged in, so the relation could not be saved." unless user
return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil?
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(tags)
+
tags = strip_non_xml_chars tags
relid = relid.to_i
- visible = (visible.to_i != 0)
+ visible = visible.to_i.nonzero?
new_relation = nil
relation = nil
Relation.transaction do
# create a new relation, or find the existing one
- relation = Relation.find(relid) if relid > 0
+ relation = Relation.find(relid) if relid.positive?
# We always need a new node, based on the data that has been sent to us
new_relation = Relation.new
typedmembers = []
members.each do |m|
mid = m[1].to_i
- if mid < 0
+ if mid.negative?
mid = renumberednodes[mid] if m[0] == "Node"
mid = renumberedways[mid] if m[0] == "Way"
end
- if mid
- typedmembers << [m[0], mid, m[2].delete("\000-\037\ufffe\uffff", "^\011\012\015")]
- end
+ typedmembers << [m[0], mid, m[2].delete("\000-\037\ufffe\uffff", "^\011\012\015")] if mid
end
# assign new contents
new_relation.id = relid
relation.delete_with_history!(new_relation, user)
end
- end # transaction
+ end
if relid <= 0
return [0, "", relid, new_relation.id, new_relation.version]
# 3. new way id,
# 4. hash of renumbered nodes (old id=>new id),
# 5. way version,
- # 6. hash of node versions (node=>version)
+ # 6. hash of changed node versions (node=>version)
+ # 7. hash of deleted node versions (node=>version)
- def putway(renumberednodes, usertoken, changeset_id, wayversion, originalway, pointlist, attributes, nodes, deletednodes) #:doc:
+ def putway(renumberednodes, usertoken, changeset_id, wayversion, originalway, pointlist, attributes, nodes, deletednodes)
amf_handle_error("'putway' #{originalway}", "way", originalway) do
# -- Initialise
return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists?
return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil?
- return -2, "Server error - way is only #{points.length} points long." if pointlist.length < 2
+ return -2, "Server error - way is only #{pointlist.length} points long." if pointlist.length < 2
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(attributes)
+
attributes = strip_non_xml_chars attributes
originalway = originalway.to_i
id = a[2].to_i
version = a[3].to_i
- return -2, "Server error - node with id 0 found in way #{originalway}." if id == 0
+ return -2, "Server error - node with id 0 found in way #{originalway}." if id.zero?
return -2, "Server error - node with latitude -90 found in way #{originalway}." if lat == 90
- id = renumberednodes[id] if renumberednodes[id]
+ id = renumberednodes[id] if renumberednodes[id]
node = Node.new
node.changeset_id = changeset_id
# fixup node tags in a way as well
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(node.tags)
+
node.tags = strip_non_xml_chars node.tags
node.tags.delete("created_by")
# -- Save revised way
- pointlist.collect! do|a|
- renumberednodes[a] ? renumberednodes[a] : a
- end # renumber nodes
+ pointlist.collect! do |a|
+ renumberednodes[a] || a
+ end
new_way = Way.new
new_way.tags = attributes
new_way.nds = pointlist
# and we don't want to delete it
end
end
- end # transaction
+ end
[0, "", originalway, way.id, renumberednodes, way.version, nodeversions, deletednodes]
end
# 3. new node id,
# 4. version.
- def putpoi(usertoken, changeset_id, version, id, lon, lat, tags, visible) #:doc:
+ def putpoi(usertoken, changeset_id, version, id, lon, lat, tags, visible)
amf_handle_error("'putpoi' #{id}", "node", id) do
user = getuser(usertoken)
return -1, "You are not logged in, so the point could not be saved." unless user
return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil?
return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(tags)
+
tags = strip_non_xml_chars tags
id = id.to_i
node = nil
new_node = nil
Node.transaction do
- if id > 0
- node = Node.find(id)
-
- unless visible || node.ways.empty?
- return -1, "Point #{id} has since become part of a way, so you cannot save it as a POI.", id, id, version
+ if id.positive?
+ begin
+ node = Node.find(id)
+ rescue ActiveRecord::RecordNotFound
+ return [-4, "node", id]
end
+
+ return -1, "Point #{id} has since become part of a way, so you cannot save it as a POI.", id, id, version unless visible || node.ways.empty?
end
# We always need a new node, based on the data that has been sent to us
new_node = Node.new
new_node.id = id
node.delete_with_history!(new_node, user)
end
- end # transaction
+ end
if id <= 0
return [0, "", id, new_node.id, new_node.version]
#
# Returns array of id, long, lat, hash of tags, (current) version.
- def getpoi(id, timestamp) #:doc:
+ def getpoi(id, timestamp)
amf_handle_error("'getpoi' #{id}", "node", id) do
id = id.to_i
- n = Node.find(id)
- v = n.version
- unless timestamp == ""
- n = OldNode.where("node_id = ? AND timestamp <= ?", id, timestamp).unredacted.order("timestamp DESC").first
+ n = Node.where(:id => id).first
+ if n
+ v = n.version
+ n = OldNode.where("node_id = ? AND timestamp <= ?", id, timestamp).unredacted.order("timestamp DESC").first unless timestamp == ""
end
if n
- return [0, "", n.id, n.lon, n.lat, n.tags, v]
+ return [0, "", id, n.lon, n.lat, n.tags, v]
else
return [-4, "node", id]
end
# of the nodes have been changed by someone else then, there is a problem!
# Returns 0 (success), unchanged way id, new way version, new node versions.
- def deleteway(usertoken, changeset_id, way_id, way_version, deletednodes) #:doc:
+ def deleteway(usertoken, changeset_id, way_id, way_version, deletednodes)
amf_handle_error("'deleteway' #{way_id}", "way", way_id) do
user = getuser(usertoken)
return -1, "You are not logged in, so the way could not be deleted." unless user
# elsewhere and we don't want to delete it
end
end
- end # transaction
+ end
[0, "", way_id, old_way.version, nodeversions]
end
end
# When we are writing to the api, we need the actual user model,
# not just the id, hence this abstraction
- def getuser(token) #:doc:
+ def getuser(token)
if token =~ /^(.+)\:(.+)$/
- user = User.authenticate(:username => $1, :password => $2)
+ User.authenticate(:username => Regexp.last_match(1), :password => Regexp.last_match(2))
else
- user = User.authenticate(:token => token)
+ User.authenticate(:token => token)
end
- user
end
def getlocales
- Dir.glob("#{Rails.root}/config/potlatch/locales/*").collect { |f| File.basename(f, ".yml") }
+ @getlocales ||= Locale.list(Dir.glob(Rails.root.join("config", "potlatch", "locales", "*")).collect { |f| File.basename(f, ".yml") })
end
##
# in the +tags+ hash.
def strip_non_xml_chars(tags)
new_tags = {}
- unless tags.nil?
- tags.each do |k, v|
- new_k = k.delete "\000-\037\ufffe\uffff", "^\011\012\015"
- new_v = v.delete "\000-\037\ufffe\uffff", "^\011\012\015"
- new_tags[new_k] = new_v
- end
+ tags&.each do |k, v|
+ new_k = k.delete "\000-\037\ufffe\uffff", "^\011\012\015"
+ new_v = v.delete "\000-\037\ufffe\uffff", "^\011\012\015"
+ new_tags[new_k] = new_v
end
new_tags
end
# Alternative SQL queries for getway/whichways
def sql_find_ways_in_area(bbox)
- sql = <<-EOF
+ sql = <<-SQL
SELECT DISTINCT current_ways.id AS wayid,current_ways.version AS version
FROM current_way_nodes
INNER JOIN current_nodes ON current_nodes.id=current_way_nodes.node_id
INNER JOIN current_ways ON current_ways.id =current_way_nodes.id
WHERE current_nodes.visible=TRUE
AND current_ways.visible=TRUE
- AND #{OSM.sql_for_area(bbox, "current_nodes.")}
- EOF
+ AND #{OSM.sql_for_area(bbox, 'current_nodes.')}
+ SQL
ActiveRecord::Base.connection.select_all(sql).collect { |a| [a["wayid"].to_i, a["version"].to_i] }
end
def sql_find_pois_in_area(bbox)
pois = []
- sql = <<-EOF
+ sql = <<-SQL
SELECT current_nodes.id,current_nodes.latitude*0.0000001 AS lat,current_nodes.longitude*0.0000001 AS lon,current_nodes.version
FROM current_nodes
LEFT OUTER JOIN current_way_nodes cwn ON cwn.node_id=current_nodes.id
WHERE current_nodes.visible=TRUE
AND cwn.id IS NULL
- AND #{OSM.sql_for_area(bbox, "current_nodes.")}
- EOF
+ AND #{OSM.sql_for_area(bbox, 'current_nodes.')}
+ SQL
ActiveRecord::Base.connection.select_all(sql).each do |row|
poitags = {}
ActiveRecord::Base.connection.select_all("SELECT k,v FROM current_node_tags WHERE id=#{row['id']}").each do |n|
def sql_find_relations_in_area_and_ways(bbox, way_ids)
# ** It would be more Potlatchy to get relations for nodes within ways
# during 'getway', not here
- sql = <<-EOF
+ sql = <<-SQL
SELECT DISTINCT cr.id AS relid,cr.version AS version
FROM current_relations cr
INNER JOIN current_relation_members crm ON crm.id=cr.id
INNER JOIN current_nodes cn ON crm.member_id=cn.id AND crm.member_type='Node'
- WHERE #{OSM.sql_for_area(bbox, "cn.")}
- EOF
+ WHERE #{OSM.sql_for_area(bbox, 'cn.')}
+ SQL
unless way_ids.empty?
- sql += <<-EOF
+ sql += <<-SQL
UNION
SELECT DISTINCT cr.id AS relid,cr.version AS version
FROM current_relations cr
INNER JOIN current_relation_members crm ON crm.id=cr.id
WHERE crm.member_type='Way'
AND crm.member_id IN (#{way_ids.join(',')})
- EOF
+ SQL
end
ActiveRecord::Base.connection.select_all(sql).collect { |a| [a["relid"].to_i, a["version"].to_i] }
end
def sql_get_nodes_in_way(wayid)
points = []
- sql = <<-EOF
+ sql = <<-SQL
SELECT latitude*0.0000001 AS lat,longitude*0.0000001 AS lon,current_nodes.id,current_nodes.version
FROM current_way_nodes,current_nodes
WHERE current_way_nodes.id=#{wayid.to_i}
AND current_way_nodes.node_id=current_nodes.id
AND current_nodes.visible=TRUE
ORDER BY sequence_id
- EOF
+ SQL
ActiveRecord::Base.connection.select_all(sql).each do |row|
nodetags = {}
ActiveRecord::Base.connection.select_all("SELECT k,v FROM current_node_tags WHERE id=#{row['id']}").each do |n|