]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/changesets_controller.rb
Remove authorize_web call from traces api controller
[rails.git] / app / controllers / changesets_controller.rb
index 5b6d3e010db0e5ea89d290eb71e28856a70af3bb..fef4d85eb51273596dfe81ccfc0cad88ba81c19f 100644 (file)
@@ -1,12 +1,14 @@
 # The ChangesetController is the RESTful interface to Changeset objects
 
 class ChangesetsController < ApplicationController
+  include UserMethods
+
   layout "site"
   require "xml/libxml"
 
   before_action :authorize_web
   before_action :set_locale
-  before_action -> { check_database_readable(true) }, :only => [:index, :feed]
+  before_action -> { check_database_readable(:need_api => true) }, :only => [:index, :feed]
 
   authorize_resource
 
@@ -46,16 +48,16 @@ class ChangesetsController < ApplicationController
 
       if @params[:display_name]
         changesets = if user.data_public? || user == current_user
-                       changesets.where(:user_id => user.id)
+                       changesets.where(:user => user)
                      else
                        changesets.where("false")
                      end
       elsif @params[:bbox]
         changesets = conditions_bbox(changesets, BoundingBox.from_bbox_params(params))
       elsif @params[:friends] && current_user
-        changesets = changesets.where(:user_id => current_user.friends.identifiable)
+        changesets = changesets.where(:user => current_user.friends.identifiable)
       elsif @params[:nearby] && current_user
-        changesets = changesets.where(:user_id => current_user.nearby)
+        changesets = changesets.where(:user => current_user.nearby)
       end
 
       changesets = changesets.where("changesets.id <= ?", @params[:max_id]) if @params[:max_id]