skip_before_action :verify_authenticity_token
before_action :setup_user_auth, :only => [:history, :version]
+ before_action :api_deny_access_handler
before_action :authorize, :only => [:redact]
- before_action :authorize_moderator, :only => [:redact]
- before_action :require_allow_write_api, :only => [:redact]
+
+ authorize_resource
+
before_action :check_api_readable
before_action :check_api_writable, :only => [:redact]
- after_action :compress_output
around_action :api_call_handle_error, :api_call_timeout
before_action :lookup_old_element, :except => [:history]
before_action :lookup_old_element_versions, :only => [:history]
# the .where() method used in the lookup_old_element_versions
# call won't throw an error if no records are found, so we have
# to do that ourselves.
- fail OSM::APINotFoundError.new if @elements.empty?
+ raise OSM::APINotFoundError if @elements.empty?
doc = OSM::API.new.get_xml_doc
doc.root << element.to_xml_node
end
- render :text => doc.to_s, :content_type => "text/xml"
+ render :xml => doc.to_s
end
def version
if @old_element.redacted? && !show_redactions?
- render :text => "", :status => :forbidden
+ head :forbidden
else
response.last_modified = @old_element.timestamp
doc = OSM::API.new.get_xml_doc
doc.root << @old_element.to_xml_node
- render :text => doc.to_s, :content_type => "text/xml"
+ render :xml => doc.to_s
end
end
end
# just return an empty 200 OK for success
- render :text => ""
+ head :ok
end
private
def show_redactions?
- @user && @user.moderator? && params[:show_redactions] == "true"
+ current_user&.moderator? && params[:show_redactions] == "true"
end
end