X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/7953a883d003b47859f53ea40ccd1db5dae9e040..11806a676fb88f51ece004b7c05bde38f1e77706:/app/controllers/old_controller.rb diff --git a/app/controllers/old_controller.rb b/app/controllers/old_controller.rb index e137554d5..74fe0883b 100644 --- a/app/controllers/old_controller.rb +++ b/app/controllers/old_controller.rb @@ -2,23 +2,29 @@ # into one place. as it turns out, the API methods for historical # nodes, ways and relations are basically identical. class OldController < ApplicationController - require 'xml/libxml' - - skip_before_filter :verify_authenticity_token - before_filter :setup_user_auth, :only => [ :history, :version ] - before_filter :authorize, :only => [ :redact ] - before_filter :authorize_moderator, :only => [ :redact ] - before_filter :require_allow_write_api, :only => [ :redact ] - before_filter :check_api_readable - before_filter :check_api_writable, :only => [ :redact ] - after_filter :compress_output - around_filter :api_call_handle_error, :api_call_timeout - before_filter :lookup_old_element, :except => [ :history ] - before_filter :lookup_old_elements_via_current, :only => [ :history ] + require "xml/libxml" + + skip_before_action :verify_authenticity_token + before_action :setup_user_auth, :only => [:history, :version] + before_action :api_deny_access_handler + before_action :authorize, :only => [:redact] + + authorize_resource + + before_action :check_api_readable + before_action :check_api_writable, :only => [:redact] + around_action :api_call_handle_error, :api_call_timeout + before_action :lookup_old_element, :except => [:history] + before_action :lookup_old_element_versions, :only => [:history] def history + # the .where() method used in the lookup_old_element_versions + # call won't throw an error if no records are found, so we have + # to do that ourselves. + raise OSM::APINotFoundError if @elements.empty? + doc = OSM::API.new.get_xml_doc - + visible_elements = if show_redactions? @elements else @@ -28,46 +34,44 @@ class OldController < ApplicationController visible_elements.each do |element| doc.root << element.to_xml_node end - - render :text => doc.to_s, :content_type => "text/xml" + + render :xml => doc.to_s end - + def version - if @old_element.redacted? and not show_redactions? - render :nothing => true, :status => :forbidden + if @old_element.redacted? && !show_redactions? + head :forbidden else response.last_modified = @old_element.timestamp - + doc = OSM::API.new.get_xml_doc doc.root << @old_element.to_xml_node - - render :text => doc.to_s, :content_type => "text/xml" + + render :xml => doc.to_s end end def redact - redaction_id = params['redaction'] - unless redaction_id.nil? - # if a redaction ID was specified, then set this element to - # be redacted in that redaction. (TODO: check that the - # user doing the redaction owns the redaction object too) - redaction = Redaction.find(redaction_id.to_i) - @old_element.redact!(redaction) - - else + redaction_id = params["redaction"] + if redaction_id.nil? # if no redaction ID was provided, then this is an unredact # operation. @old_element.redact!(nil) + else + # if a redaction ID was specified, then set this element to + # be redacted in that redaction. + redaction = Redaction.find(redaction_id.to_i) + @old_element.redact!(redaction) end - + # just return an empty 200 OK for success - render :nothing => true + head :ok end private - + def show_redactions? - @user and @user.moderator? and params[:show_redactions] == "true" + current_user&.moderator? && params[:show_redactions] == "true" end end