X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/067b0de4391a32124aef23c56d73e2bb492df8ca..5047ec403db94b0d371a9a10b56801bc0a3fcf0a:/app/controllers/api/users_controller.rb diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb index 9da9d3226..58b02a489 100644 --- a/app/controllers/api/users_controller.rb +++ b/app/controllers/api/users_controller.rb @@ -1,16 +1,13 @@ module Api class UsersController < ApiController - before_action :check_api_readable - before_action :disable_terms_redirect, :only => [:details] before_action :setup_user_auth, :only => [:show, :index] - before_action :authorize, :only => [:details, :gpx_files] + before_action -> { authorize(:skip_terms => true) }, :only => [:details] authorize_resource - around_action :api_call_handle_error - before_action :lookup_user_by_id, :only => [:show] + load_resource :only => :show - before_action :set_request_formats, :except => [:gpx_files] + before_action :set_request_formats def index raise OSM::APIBadUserInput, "The parameter users is required, and must be of the form users=id[,id[,id...]]" unless params["users"] @@ -19,7 +16,7 @@ module Api raise OSM::APIBadUserInput, "No users were given to search for" if ids.empty? - @users = User.visible.find(ids) + @users = User.visible.where(:id => ids).in_order_of(:id, ids) # Render the result respond_to do |format| @@ -48,27 +45,5 @@ module Api format.json { render :show } end end - - def gpx_files - @traces = current_user.traces.reload - render :content_type => "application/xml" - end - - private - - ## - # ensure that there is a "user" instance variable - def lookup_user_by_id - @user = User.find(params[:id]) - end - - ## - # - def disable_terms_redirect - # this is necessary otherwise going to the user terms page, when - # having not agreed already would cause an infinite redirect loop. - # it's .now so that this doesn't propagate to other pages. - flash.now[:skip_terms] = true - end end end