+# The NodeController is the RESTful interface to Node objects
+
class NodeController < ApplicationController
- require 'xml/libxml'
-
- before_filter :authorize
+ require "xml/libxml"
+
+ skip_before_action :verify_authenticity_token
+ before_action :authorize, :only => [:create, :update, :delete]
+ before_action :require_allow_write_api, :only => [:create, :update, :delete]
+ before_action :require_public_data, :only => [:create, :update, :delete]
+ before_action :check_api_writable, :only => [:create, :update, :delete]
+ before_action :check_api_readable, :except => [:create, :update, :delete]
+ around_action :api_call_handle_error, :api_call_timeout
+ # Create a node from XML.
def create
- if request.post?
- userid = dao.useridfromcreds(r.user, r.get_basic_auth_pw)
- doc = Document.new $stdin.read
-
- doc.elements.each('osm/node') do |pt|
- lat = pt.attributes['lat'].to_f
- lon = pt.attributes['lon'].to_f
- xmlnodeid = pt.attributes['id'].to_i
-
- tags = []
- pt.elements.each('tag') do |tag|
- tags << [tag.attributes['k'],tag.attributes['v']]
- end
-
- tags = tags.collect { |k,v| "#{k}=#{v}" }.join(';')
-
- tags = '' unless tags
- if xmlnodeid == nodeid && userid != 0
- if nodeid == 0
- new_node_id = dao.create_node(lat, lon, userid, tags)
- if new_node_id
- puts new_node_id
- exit
- else
- exit HTTP_INTERNAL_SERVER_ERROR
- end
- else
- node = dao.getnode(nodeid)
- if node
- #FIXME: need to check the node hasn't moved too much
- if dao.update_node?(nodeid, userid, lat, lon, tags)
- exit
- else
- exit HTTP_INTERNAL_SERVER_ERROR
- end
- else
- exit HTTP_NOT_FOUND
- end
- end
-
- else
- exit BAD_REQUEST
- end
- end
- exit HTTP_INTERNAL_SERVER_ERROR
+ assert_method :put
+ node = Node.from_xml(request.raw_post, true)
- end
+ # Assume that Node.from_xml has thrown an exception if there is an error parsing the xml
+ node.create_with_history current_user
+ render :plain => node.id.to_s
end
+ # Dump the details on a node given in params[:id]
+ def read
+ node = Node.find(params[:id])
- def rest
-
- #
- # POST ???
- #
-
- if request.post?
- nodeid = r.args.match(/nodeid=([0-9]+)/).captures.first.to_i
- userid = dao.useridfromcreds(r.user, r.get_basic_auth_pw)
- doc = Document.new $stdin.read
-
- doc.elements.each('osm/node') do |pt|
- lat = pt.attributes['lat'].to_f
- lon = pt.attributes['lon'].to_f
- xmlnodeid = pt.attributes['id'].to_i
-
- tags = []
- pt.elements.each('tag') do |tag|
- tags << [tag.attributes['k'],tag.attributes['v']]
- end
-
- tags = tags.collect { |k,v| "#{k}=#{v}" }.join(';')
-
- tags = '' unless tags
- if xmlnodeid == nodeid && userid != 0
- if nodeid == 0
- new_node_id = dao.create_node(lat, lon, userid, tags)
- if new_node_id
- puts new_node_id
- exit
- else
- exit HTTP_INTERNAL_SERVER_ERROR
- end
- else
- node = dao.getnode(nodeid)
- if node
- #FIXME: need to check the node hasn't moved too much
- if dao.update_node?(nodeid, userid, lat, lon, tags)
- exit
- else
- exit HTTP_INTERNAL_SERVER_ERROR
- end
- else
- exit HTTP_NOT_FOUND
- end
- end
-
- else
- exit BAD_REQUEST
- end
- end
- exit HTTP_INTERNAL_SERVER_ERROR
+ response.last_modified = node.timestamp
+ if node.visible
+ render :xml => node.to_xml.to_s
+ else
+ head :gone
end
+ end
- #
- # GET ???
- #
-
- if request.get?
- node = node.find(params[:id])
- doc = Document.new
- doc.encoding = "UTF-8"
- root = Node.new 'osm'
- root['version'] = '0.4'
- root['generator'] = 'OpenStreetMap server'
- doc.root = root
- el1 = Node.new 'node'
- el1['id'] = node.id.to_s
- el1['lat'] = node.latitude.to_s
- el1['lon'] = node.longitude.to_s
- split_tags(el1, node.tags)
- el1['visible'] = node.visible.to_s
- el1['timestamp'] = node.timestamp
- root << el1
-
- render :text => doc.to_s, :template => false
- end
+ # Update a node from given XML
+ def update
+ node = Node.find(params[:id])
+ new_node = Node.from_xml(request.raw_post)
- #
- # DELETE????
- #
-
- if request.delete?
- userid = dao.useridfromcreds(r.user, r.get_basic_auth_pw)
- #cgi doesnt work with DELETE so extract manually:
- nodeid = r.args.match(/nodeid=([0-9]+)/).captures.first.to_i
-
- if userid > 0 && nodeid != 0
- node = dao.getnode(nodeid)
- if node
- if node.visible
- if dao.delete_node?(nodeid, userid)
- exit
- else
- exit HTTP_INTERNAL_SERVER_ERROR
- end
- else
- exit HTTP_GONE
- end
- else
- exit HTTP_NOT_FOUND
- end
- else
- exit BAD_REQUEST
-
- end
+ raise OSM::APIBadUserInput, "The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})" unless new_node && new_node.id == node.id
+ node.update_from(new_node, current_user)
+ render :plain => node.version.to_s
+ end
- end
+ # Delete a node. Doesn't actually delete it, but retains its history
+ # in a wiki-like way. We therefore treat it like an update, so the delete
+ # method returns the new version number.
+ def delete
+ node = Node.find(params[:id])
+ new_node = Node.from_xml(request.raw_post)
+ raise OSM::APIBadUserInput, "The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})" unless new_node && new_node.id == node.id
+ node.delete_with_history!(new_node, current_user)
+ render :plain => node.version.to_s
end
- private
- def split_tags(el, tags)
- tags.split(';').each do |tag|
- parts = tag.split('=')
- key = ''
- val = ''
- key = parts[0].strip unless parts[0].nil?
- val = parts[1].strip unless parts[1].nil?
- if key != '' && val != ''
- el2 = Node.new('tag')
- el2['k'] = key.to_s
- el2['v'] = val.to_s
- el << el2
- end
+ # Dump the details on many nodes whose ids are given in the "nodes" parameter.
+ def nodes
+ raise OSM::APIBadUserInput, "The parameter nodes is required, and must be of the form nodes=id[,id[,id...]]" unless params["nodes"]
+
+ ids = params["nodes"].split(",").collect(&:to_i)
+
+ raise OSM::APIBadUserInput, "No nodes were given to search for" if ids.empty?
+
+ doc = OSM::API.new.get_xml_doc
+
+ Node.find(ids).each do |node|
+ doc.root << node.to_xml_node
end
- end
+ render :xml => doc.to_s
+ end
end