# The NodeController is the RESTful interface to Node objects
class NodeController < ApplicationController
- require 'xml/libxml'
+ require "xml/libxml"
- before_filter :authorize, :only => [:create, :update, :delete]
- before_filter :require_public_data, :only => [:create, :update, :delete]
- before_filter :check_api_writable, :only => [:create, :update, :delete]
- before_filter :check_api_readable, :except => [:create, :update, :delete]
- after_filter :compress_output
- around_filter :api_call_handle_error, :api_call_timeout
+ skip_before_action :verify_authenticity_token
+ before_action :authorize, :only => [:create, :update, :delete]
+ before_action :require_allow_write_api, :only => [:create, :update, :delete]
+ before_action :require_public_data, :only => [:create, :update, :delete]
+ before_action :check_api_writable, :only => [:create, :update, :delete]
+ before_action :check_api_readable, :except => [:create, :update, :delete]
+ around_action :api_call_handle_error, :api_call_timeout
# Create a node from XML.
def create
node = Node.from_xml(request.raw_post, true)
# Assume that Node.from_xml has thrown an exception if there is an error parsing the xml
- node.create_with_history @user
- render :text => node.id.to_s, :content_type => "text/plain"
+ node.create_with_history current_user
+ render :plain => node.id.to_s
end
# Dump the details on a node given in params[:id]
def read
node = Node.find(params[:id])
- if node.visible?
- response.headers['Last-Modified'] = node.timestamp.rfc822
- render :text => node.to_xml.to_s, :content_type => "text/xml"
+
+ response.last_modified = node.timestamp
+
+ if node.visible
+ render :xml => node.to_xml.to_s
else
- render :text => "", :status => :gone
+ head :gone
end
end
-
+
# Update a node from given XML
def update
node = Node.find(params[:id])
new_node = Node.from_xml(request.raw_post)
-
- unless new_node and new_node.id == node.id
- raise OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})")
- end
- node.update_from(new_node, @user)
- render :text => node.version.to_s, :content_type => "text/plain"
+
+ raise OSM::APIBadUserInput, "The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})" unless new_node && new_node.id == node.id
+
+ node.update_from(new_node, current_user)
+ render :plain => node.version.to_s
end
- # Delete a node. Doesn't actually delete it, but retains its history
+ # Delete a node. Doesn't actually delete it, but retains its history
# in a wiki-like way. We therefore treat it like an update, so the delete
# method returns the new version number.
def delete
node = Node.find(params[:id])
new_node = Node.from_xml(request.raw_post)
-
- unless new_node and new_node.id == node.id
- raise OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})")
- end
- node.delete_with_history!(new_node, @user)
- render :text => node.version.to_s, :content_type => "text/plain"
+
+ raise OSM::APIBadUserInput, "The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})" unless new_node && new_node.id == node.id
+
+ node.delete_with_history!(new_node, current_user)
+ render :plain => node.version.to_s
end
# Dump the details on many nodes whose ids are given in the "nodes" parameter.
def nodes
- ids = params['nodes'].split(',').collect { |n| n.to_i }
+ raise OSM::APIBadUserInput, "The parameter nodes is required, and must be of the form nodes=id[,id[,id...]]" unless params["nodes"]
+
+ ids = params["nodes"].split(",").collect(&:to_i)
+
+ raise OSM::APIBadUserInput, "No nodes were given to search for" if ids.empty?
- if ids.length == 0
- raise OSM::APIBadUserInput.new("No nodes were given to search for")
- end
doc = OSM::API.new.get_xml_doc
Node.find(ids).each do |node|
doc.root << node.to_xml_node
end
- render :text => doc.to_s, :content_type => "text/xml"
+ render :xml => doc.to_s
end
end