X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/7ccd11ebf3c8e119a04119a2e89ce6a879560578..be9a501296bcb134ae700319155a636385212b64:/app/controllers/api/changesets_controller.rb diff --git a/app/controllers/api/changesets_controller.rb b/app/controllers/api/changesets_controller.rb index dd43f7ed0..3d59eeb17 100644 --- a/app/controllers/api/changesets_controller.rb +++ b/app/controllers/api/changesets_controller.rb @@ -1,40 +1,58 @@ # The ChangesetController is the RESTful interface to Changeset objects module Api - class ChangesetsController < ApplicationController - layout "site" - require "xml/libxml" - - skip_before_action :verify_authenticity_token + class ChangesetsController < ApiController + before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe] + before_action :setup_user_auth, :only => [:show] before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] - before_action :api_deny_access_handler, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox] authorize_resource before_action :require_public_data, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] - before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe] - before_action :check_api_readable, :except => [:create, :update, :upload, :download, :query, :subscribe, :unsubscribe] - before_action(:only => [:index, :feed]) { |c| c.check_database_readable(true) } + before_action :set_request_formats, :except => [:create, :close, :upload] + around_action :api_call_handle_error around_action :api_call_timeout, :except => [:upload] # Helper methods for checking consistency include ConsistencyValidations - # Create a changeset from XML. - def create - assert_method :put + ## + # query changesets by bounding box, time, user or open/closed status. + def index + raise OSM::APIBadUserInput, "cannot use order=oldest with time" if params[:time] && params[:order] == "oldest" - cs = Changeset.from_xml(request.raw_post, true) + # find any bounding box + bbox = BoundingBox.from_bbox_params(params) if params["bbox"] - # Assume that Changeset.from_xml has thrown an exception if there is an error parsing the xml - cs.user = current_user - cs.save_with_tags! + # create the conditions that the user asked for. some or all of + # these may be nil. + changesets = Changeset.all + changesets = conditions_bbox(changesets, bbox) + changesets = conditions_user(changesets, params["user"], params["display_name"]) + changesets = conditions_time(changesets, params["time"]) + changesets = conditions_from_to(changesets, params["from"], params["to"]) + changesets = conditions_open(changesets, params["open"]) + changesets = conditions_closed(changesets, params["closed"]) + changesets = conditions_ids(changesets, params["changesets"]) - # Subscribe user to changeset comments - cs.subscribers << current_user + # sort the changesets + changesets = if params[:order] == "oldest" + changesets.order(:created_at => :asc) + else + changesets.order(:created_at => :desc) + end - render :plain => cs.id.to_s + # limit the result + changesets = changesets.limit(result_limit) + + # preload users, tags and comments, and render result + @changesets = changesets.preload(:user, :changeset_tags, :comments) + + respond_to do |format| + format.xml + format.json + end end ## @@ -42,16 +60,36 @@ module Api # return anything about the nodes, ways and relations in the changeset. def show @changeset = Changeset.find(params[:id]) - @include_discussion = params[:include_discussion].presence - render "changeset" + if params[:include_discussion].presence + @comments = @changeset.comments + @comments = @comments.unscope(:where => :visible) if params[:show_hidden_comments].presence && can?(:restore, ChangesetComment) + @comments = @comments.includes(:author) + end + + respond_to do |format| + format.xml + format.json + end + end + + # Create a changeset from XML. + def create + cs = Changeset.from_xml(request.raw_post, :create => true) + + # Assume that Changeset.from_xml has thrown an exception if there is an error parsing the xml + cs.user = current_user + cs.save_with_tags! + + # Subscribe user to changeset comments + cs.subscribe(current_user) + + render :plain => cs.id.to_s end ## # marks a changeset as closed. this may be called multiple times # on the same changeset, so is idempotent. def close - assert_method :put - changeset = Changeset.find(params[:id]) check_changeset_consistency(changeset, current_user) @@ -64,50 +102,6 @@ module Api head :ok end - ## - # insert a (set of) points into a changeset bounding box. this can only - # increase the size of the bounding box. this is a hint that clients can - # set either before uploading a large number of changes, or changes that - # the client (but not the server) knows will affect areas further away. - def expand_bbox - # only allow POST requests, because although this method is - # idempotent, there is no "document" to PUT really... - assert_method :post - - cs = Changeset.find(params[:id]) - check_changeset_consistency(cs, current_user) - - # keep an array of lons and lats - lon = [] - lat = [] - - # the request is in pseudo-osm format... this is kind-of an - # abuse, maybe should change to some other format? - doc = XML::Parser.string(request.raw_post, :options => XML::Parser::Options::NOERROR).parse - doc.find("//osm/node").each do |n| - lon << n["lon"].to_f * GeoRecord::SCALE - lat << n["lat"].to_f * GeoRecord::SCALE - end - - # add the existing bounding box to the lon-lat array - lon << cs.min_lon unless cs.min_lon.nil? - lat << cs.min_lat unless cs.min_lat.nil? - lon << cs.max_lon unless cs.max_lon.nil? - lat << cs.max_lat unless cs.max_lat.nil? - - # collapse the arrays to minimum and maximum - cs.min_lon = lon.min - cs.min_lat = lat.min - cs.max_lon = lon.max - cs.max_lat = lat.max - - # save the larger bounding box and return the changeset, which - # will include the bigger bounding box. - cs.save! - @changeset = cs - render "changeset" - end - ## # Upload a diff in a single transaction. # @@ -121,18 +115,16 @@ module Api # Returns: a diffResult document, as described in # http://wiki.openstreetmap.org/wiki/OSM_Protocol_Version_0.6 def upload - # only allow POST requests, as the upload method is most definitely - # not idempotent, as several uploads with placeholder IDs will have - # different side-effects. - # see http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.2 - assert_method :post - changeset = Changeset.find(params[:id]) check_changeset_consistency(changeset, current_user) diff_reader = DiffReader.new(request.raw_post, changeset) Changeset.transaction do result = diff_reader.commit + # the number of changes in this changeset has already been + # updated and is visible in this transaction so we don't need + # to allow for any more when checking the limit + check_rate_limit(0) render :xml => result.to_s end end @@ -162,67 +154,31 @@ module Api # almost sensible ordering available. this would be much nicer if # global (SVN-style) versioning were used - then that would be # unambiguous. - elements.sort! do |a, b| - if a.timestamp == b.timestamp - a.version <=> b.version - else - a.timestamp <=> b.timestamp - end - end - - # create changeset and user caches - changeset_cache = {} - user_display_name_cache = {} - - # create an osmChange document for the output - result = OSM::API.new.get_xml_doc - result.root.name = "osmChange" + elements.sort_by! { |e| [e.timestamp, e.version] } # generate an output element for each operation. note: we avoid looking # at the history because it is simpler - but it would be more correct to # check these assertions. + @created = [] + @modified = [] + @deleted = [] + elements.each do |elt| - result.root << - if elt.version == 1 - # first version, so it must be newly-created. - created = XML::Node.new "create" - created << elt.to_xml_node(changeset_cache, user_display_name_cache) - elsif elt.visible - # must be a modify - modified = XML::Node.new "modify" - modified << elt.to_xml_node(changeset_cache, user_display_name_cache) - else - # if the element isn't visible then it must have been deleted - deleted = XML::Node.new "delete" - deleted << elt.to_xml_node(changeset_cache, user_display_name_cache) - end + if elt.version == 1 + # first version, so it must be newly-created. + @created << elt + elsif elt.visible + # must be a modify + @modified << elt + else + # if the element isn't visible then it must have been deleted + @deleted << elt + end end - render :xml => result.to_s - end - - ## - # query changesets by bounding box, time, user or open/closed status. - def query - # find any bounding box - bbox = BoundingBox.from_bbox_params(params) if params["bbox"] - - # create the conditions that the user asked for. some or all of - # these may be nil. - changesets = Changeset.all - changesets = conditions_bbox(changesets, bbox) - changesets = conditions_user(changesets, params["user"], params["display_name"]) - changesets = conditions_time(changesets, params["time"]) - changesets = conditions_open(changesets, params["open"]) - changesets = conditions_closed(changesets, params["closed"]) - changesets = conditions_ids(changesets, params["changesets"]) - - # sort and limit the changesets - changesets = changesets.order("created_at DESC").limit(100) - - # preload users, tags and comments, and render result - @changesets = changesets.preload(:user, :changeset_tags, :comments) - render "changesets" + respond_to do |format| + format.xml + end end ## @@ -234,15 +190,17 @@ module Api # # after succesful update, returns the XML of the changeset. def update - # request *must* be a PUT. - assert_method :put - @changeset = Changeset.find(params[:id]) new_changeset = Changeset.from_xml(request.raw_post) check_changeset_consistency(@changeset, current_user) @changeset.update_from(new_changeset, current_user) - render "changeset" + render "show" + + respond_to do |format| + format.xml + format.json + end end ## @@ -256,14 +214,19 @@ module Api # Find the changeset and check it is valid changeset = Changeset.find(id) - raise OSM::APIChangesetAlreadySubscribedError, changeset if changeset.subscribers.exists?(current_user.id) + raise OSM::APIChangesetAlreadySubscribedError, changeset if changeset.subscribed?(current_user) # Add the subscriber - changeset.subscribers << current_user + changeset.subscribe(current_user) # Return a copy of the updated changeset @changeset = changeset - render "changeset" + render "show" + + respond_to do |format| + format.xml + format.json + end end ## @@ -277,14 +240,19 @@ module Api # Find the changeset and check it is valid changeset = Changeset.find(id) - raise OSM::APIChangesetNotSubscribedError, changeset unless changeset.subscribers.exists?(current_user.id) + raise OSM::APIChangesetNotSubscribedError, changeset unless changeset.subscribed?(current_user) # Remove the subscriber - changeset.subscribers.delete(current_user) + changeset.unsubscribe(current_user) # Return a copy of the updated changeset @changeset = changeset - render "changeset" + render "show" + + respond_to do |format| + format.xml + format.json + end end private @@ -296,7 +264,6 @@ module Api ## # if a bounding box was specified do some sanity checks. # restrict changesets to those enclosed by a bounding box - # we need to return both the changesets and the bounding box def conditions_bbox(changesets, bbox) if bbox bbox.check_boundaries @@ -324,7 +291,7 @@ module Api # user input checking, we don't have any UIDs < 1 raise OSM::APIBadUserInput, "invalid user ID" if user.to_i < 1 - u = User.find(user.to_i) + u = User.find_by(:id => user.to_i) else u = User.find_by(:display_name => name) end @@ -342,12 +309,12 @@ module Api raise OSM::APINotFoundError if current_user.nil? || current_user != u end - changesets.where(:user_id => u.id) + changesets.where(:user => u) end end ## - # restrict changes to those closed during a particular time period + # restrict changesets to those during a particular time period def conditions_time(changesets, time) if time.nil? changesets @@ -356,21 +323,46 @@ module Api # low, second is high - same as with bounding boxes. # check that we actually have 2 elements in the array - times = time.split(/,/) + times = time.split(",") raise OSM::APIBadUserInput, "bad time range" if times.size != 2 - from, to = times.collect { |t| Time.parse(t) } + from, to = times.collect { |t| Time.parse(t).utc } changesets.where("closed_at >= ? and created_at <= ?", from, to) else # if there is no comma, assume its a lower limit on time - changesets.where("closed_at >= ?", Time.parse(time)) + changesets.where(:closed_at => Time.parse(time).utc..) end # stupid Time seems to throw both of these for bad parsing, so # we have to catch both and ensure the correct code path is taken. - rescue ArgumentError => ex - raise OSM::APIBadUserInput, ex.message.to_s - rescue RuntimeError => ex - raise OSM::APIBadUserInput, ex.message.to_s + rescue ArgumentError, RuntimeError => e + raise OSM::APIBadUserInput, e.message.to_s + end + + ## + # restrict changesets to those opened during a particular time period + # works similar to from..to of notes controller, including the requirement of 'from' when specifying 'to' + def conditions_from_to(changesets, from, to) + if from + begin + from = Time.parse(from).utc + rescue ArgumentError + raise OSM::APIBadUserInput, "Date #{from} is in a wrong format" + end + + begin + to = if to + Time.parse(to).utc + else + Time.now.utc + end + rescue ArgumentError + raise OSM::APIBadUserInput, "Date #{to} is in a wrong format" + end + + changesets.where(:created_at => from..to) + else + changesets + end end ## @@ -383,7 +375,7 @@ module Api changesets else changesets.where("closed_at >= ? and num_changes <= ?", - Time.now.getutc, Changeset::MAX_ELEMENTS) + Time.now.utc, Changeset::MAX_ELEMENTS) end end @@ -395,7 +387,7 @@ module Api changesets else changesets.where("closed_at < ? or num_changes > ?", - Time.now.getutc, Changeset::MAX_ELEMENTS) + Time.now.utc, Changeset::MAX_ELEMENTS) end end @@ -412,5 +404,19 @@ module Api changesets.where(:id => ids) end end + + ## + # Get the maximum number of results to return + def result_limit + if params[:limit] + if params[:limit].to_i.positive? && params[:limit].to_i <= Settings.max_changeset_query_limit + params[:limit].to_i + else + raise OSM::APIBadUserInput, "Changeset limit must be between 1 and #{Settings.max_changeset_query_limit}" + end + else + Settings.default_changeset_query_limit + end + end end end