Verify that the key and value isn't getting mixed up by having them different. verify...

[rails.git] / app / controllers / changeset_controller.rb

diff --git a/app/controllers/changeset_controller.rb b/app/controllers/changeset_controller.rb
index cd49176e63e105e16819cdc00f392189594e58d9..5a0be35888039347ea877adc9b5488304424cf45 100644 (file)
--- a/app/controllers/changeset_controller.rb
+++ b/app/controllers/changeset_controller.rb
@@ -38,25 +38,28 @@ class ChangesetController < ApplicationController
     end
   end
   
+  ##
+  # marks a changeset as closed. this may be called multiple times
+  # on the same changeset, so is idempotent.
   def close 
-    begin
-      unless request.put?
-        render :nothing => true, :status => :method_not_allowed
-        return
-      end
-
-      changeset = Changeset.find(params[:id])
-
-      unless @user.id == changeset.user_id 
-        raise OSM::APIUserChangesetMismatchError 
-      end
-
-      changeset.open = false
-      changeset.save!
-      render :nothing => true
-    rescue ActiveRecord::RecordNotFound
-      render :nothing => true, :status => :not_found
+    unless request.put?
+      render :nothing => true, :status => :method_not_allowed
+      return
+    end
+    
+    changeset = Changeset.find(params[:id])
+    
+    unless @user.id == changeset.user_id 
+      raise OSM::APIUserChangesetMismatchError 
     end
+    
+    changeset.open = false
+    changeset.save!
+    render :nothing => true
+  rescue ActiveRecord::RecordNotFound
+    render :nothing => true, :status => :not_found
+  rescue OSM::APIError => ex
+    render ex.render_opts
   end
 
   ##
@@ -233,9 +236,9 @@ class ChangesetController < ApplicationController
     # create the conditions that the user asked for. some or all of
     # these may be nil.
     conditions = conditions_bbox(params['bbox'])
-    cond_merge conditions, conditions_user(params['user'])
-    cond_merge conditions, conditions_time(params['time'])
-    cond_merge conditions, conditions_open(params['open'])
+    conditions = cond_merge conditions, conditions_user(params['user'])
+    conditions = cond_merge conditions, conditions_time(params['time'])
+    conditions = cond_merge conditions, conditions_open(params['open'])
 
     # create the results document
     results = OSM::API.new.get_xml_doc
@@ -330,7 +333,15 @@ class ChangesetController < ApplicationController
   def conditions_user(user)
     unless user.nil?
       u = User.find(user.to_i)
-      raise OSM::APINotFoundError unless u.data_public?
+      # should be able to get changesets of public users only, or 
+      # our own changesets regardless of public-ness.
+      unless u.data_public?
+        # get optional user auth stuff so that users can see their own
+        # changesets if they're non-public
+        setup_user_auth
+        
+        raise OSM::APINotFoundError if @user.nil? or @user.id != u.id
+      end
       return ['user_id = ?', u.id]
     else
       return nil
@@ -344,11 +355,11 @@ class ChangesetController < ApplicationController
       # if there is a range, i.e: comma separated, then the first is 
       # low, second is high - same as with bounding boxes.
       if time.count(',') == 1
-        from, to = time.split(/,/).collect { |t| Date.parse(t) }
+        from, to = time.split(/,/).collect { |t| DateTime.parse(t) }
         return ['created_at > ? and created_at < ?', from, to]
       else
         # if there is no comma, assume its a lower limit on time
-        return ['created_at > ?', Date.parse(time)]
+        return ['created_at > ?', DateTime.parse(time)]
       end
     else
       return nil