X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/64146b4f3614854e6a0f8430f27261fe0a0ca26c..908324323e8801ff76a7cde812e61dbbb03a33ce:/app/controllers/amf_controller.rb?ds=inline diff --git a/app/controllers/amf_controller.rb b/app/controllers/amf_controller.rb index b164eddaf..2ad0fe6e0 100644 --- a/app/controllers/amf_controller.rb +++ b/app/controllers/amf_controller.rb @@ -41,6 +41,11 @@ class AmfController < ApplicationController skip_before_action :verify_authenticity_token before_action :check_api_writable + # AMF Controller implements its own authentication and authorization checks + # completely independently of the rest of the codebase, so best just to let + # it keep doing its own thing. + skip_authorization_check + # Main AMF handlers: process the raw AMF string (using AMF library) and # calls each action (private method) accordingly. @@ -139,7 +144,7 @@ class AmfController < ApplicationController user = getuser(usertoken) return -1, "You are not logged in, so Potlatch can't write any changes to the database." unless user return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists? - return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil? + return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil? if cstags return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(cstags) @@ -472,7 +477,7 @@ class AmfController < ApplicationController return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists? query = Trace.visible_to(user) - query = if searchterm.to_i > 0 + query = if searchterm.to_i.positive? query.where(:id => searchterm.to_i) else query.where("MATCH(name) AGAINST (?)", searchterm).limit(21) @@ -508,7 +513,7 @@ class AmfController < ApplicationController def findrelations(searchterm) rels = [] - if searchterm.to_i > 0 + if searchterm.to_i.positive? rel = Relation.where(:id => searchterm.to_i).first rels.push([rel.id, rel.tags, rel.members, rel.version]) if rel&.visible else @@ -532,7 +537,7 @@ class AmfController < ApplicationController return -1, "You are not logged in, so the relation could not be saved." unless user return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists? - return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil? + return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil? return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(tags) @@ -545,7 +550,7 @@ class AmfController < ApplicationController relation = nil Relation.transaction do # create a new relation, or find the existing one - relation = Relation.find(relid) if relid > 0 + relation = Relation.find(relid) if relid.positive? # We always need a new node, based on the data that has been sent to us new_relation = Relation.new @@ -553,7 +558,7 @@ class AmfController < ApplicationController typedmembers = [] members.each do |m| mid = m[1].to_i - if mid < 0 + if mid.negative? mid = renumberednodes[mid] if m[0] == "Node" mid = renumberedways[mid] if m[0] == "Way" end @@ -620,7 +625,7 @@ class AmfController < ApplicationController user = getuser(usertoken) return -1, "You are not logged in, so the way could not be saved." unless user return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists? - return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil? + return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil? return -2, "Server error - way is only #{pointlist.length} points long." if pointlist.length < 2 @@ -730,7 +735,7 @@ class AmfController < ApplicationController user = getuser(usertoken) return -1, "You are not logged in, so the point could not be saved." unless user return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists? - return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil? + return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil? return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(tags) @@ -741,7 +746,7 @@ class AmfController < ApplicationController node = nil new_node = nil Node.transaction do - if id > 0 + if id.positive? begin node = Node.find(id) rescue ActiveRecord::RecordNotFound @@ -817,7 +822,7 @@ class AmfController < ApplicationController user = getuser(usertoken) return -1, "You are not logged in, so the way could not be deleted." unless user return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists? - return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil? + return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil? way_id = way_id.to_i nodeversions = {}