Avoid mass assignment error in spam observer
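index 8fd6c257d732d30d219df8ac0e2df12185ab4ed2..d23ef8400ee4ab1df6fc2c19f3db0a724795eb52 100644
--- a/lib/consistency_validations.rb
+++ b/lib/consistency_validations.rb
@@ -6,14 +6,16 @@ module ConsistencyValidations
   # needed for creates, but are currently not run :-( 
   # This will throw an exception if there is an inconsistency
   def check_consistency(old, new, user)
-    if new.version != old.version
-      raise OSM::APIVersionMismatchError.new(new.version, old.version)
+    if new.id != old.id or new.id.nil? or old.id.nil?
+      raise OSM::APIPreconditionFailedError.new("New and old IDs don't match on #{new.class.to_s}. #{new.id} != #{old.id}.")
+    elsif new.version != old.version
+      raise OSM::APIVersionMismatchError.new(new.id, new.class.to_s, new.version, old.version)
     elsif new.changeset.nil?
       raise OSM::APIChangesetMissingError.new
     elsif new.changeset.user_id != user.id
       raise OSM::APIUserChangesetMismatchError.new
     elsif not new.changeset.is_open?
-      raise OSM::APIChangesetAlreadyClosedError.new
+      raise OSM::APIChangesetAlreadyClosedError.new(new.changeset)
     end
   end
   
@@ -24,7 +26,22 @@ module ConsistencyValidations
     elsif new.changeset.user_id != user.id
       raise OSM::APIUserChangesetMismatchError.new
     elsif not new.changeset.is_open?
-      raise OSM::APIChangesetAlreadyClosedError.new
+      raise OSM::APIChangesetAlreadyClosedError.new(new.changeset)
+    end
+  end
+
+  ##
+  # subset of consistency checks which should be applied to almost
+  # all the changeset controller's writable methods.
+  def check_changeset_consistency(changeset, user)
+    # check user credentials - only the user who opened a changeset
+    # may alter it.
+    if changeset.nil?
+      raise OSM::APIChangesetMissingError.new
+    elsif user.id != changeset.user_id 
+      raise OSM::APIUserChangesetMismatchError.new
+    elsif not changeset.is_open?
+      raise OSM::APIChangesetAlreadyClosedError.new(changeset)
     end
   end
 end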
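Review bot: The changeset ownership and open-state checks now exist in three copies: the tail of `check_consistency`, the tail of the method that the second hunk closes (its start is outside the hunk), and the new `check_changeset_consistency`. A later change to who may write to a changeset can therefore miss one of them. The new helper raises the same three errors in the same order, so the two older methods could end their `if`/`elsif` chain after the id/version checks and then call `check_changeset_consistency(new.changeset, user)`. Separately, `user.id` is dereferenced without a nil guard in all three places. If any caller can reach these methods without an authenticated user, the failure would presumably surface as a `NoMethodError` rather than an API error, so this is worth confirming against the controllers' filters.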