protect_from_forgery
+ before_filter :fetch_body
+
if STATUS == :database_readonly or STATUS == :database_offline
def self.cache_sweeper(*sweepers)
end
end
end
+ def require_oauth
+ @oauth = @user.access_token(OAUTH_KEY) if @user and defined? OAUTH_KEY
+ end
+
##
# requires the user to be logged in by the token or HTTP methods, or have an
# OAuth token with the right capability. this method is a bit of a pain to call
def require_allow_write_gpx
require_capability(:allow_write_gpx)
end
+ def require_allow_write_notes
+ require_capability(:allow_write_notes)
+ end
##
# require that the user is a moderator, or fill out a helpful error message
end
end
- I18n.locale = request.compatible_language_from(I18n.available_locales) || I18n.default_locale
+ I18n.locale = params[:locale] || request.compatible_language_from(I18n.available_locales) || I18n.default_locale
response.headers['Content-Language'] = I18n.locale.to_s
end
format.all { render :nothing => true, :status => :not_found }
end
end
-
+
+ ##
+ # Unfortunately if a PUT or POST request that has a body fails to
+ # read it then Apache will sometimes fail to return the response it
+ # is given to the client properly, instead erroring:
+ #
+ # https://issues.apache.org/bugzilla/show_bug.cgi?id=44782
+ #
+ # To work round this we call rewind on the body here, which is added
+ # as a filter, to force it to be fetched from Apache into a file.
+ def fetch_body
+ request.body.rewind
+ end
+
private
# extract authorisation credentials from headers, returns user = nil if none