X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/8348493ccb02fd0bb3f46733d8176b503f9f9883..e5674abd2c9b0359b06c281804f7286e22b9a258:/app/controllers/changeset_controller.rb?ds=sidebyside diff --git a/app/controllers/changeset_controller.rb b/app/controllers/changeset_controller.rb index d7764d995..f7f4dc9f0 100644 --- a/app/controllers/changeset_controller.rb +++ b/app/controllers/changeset_controller.rb @@ -3,6 +3,7 @@ class ChangesetController < ApplicationController require 'xml/libxml' + session :off before_filter :authorize, :only => [:create, :update, :delete, :upload, :include, :close] before_filter :check_write_availability, :only => [:create, :update, :delete, :upload, :include] before_filter :check_read_availability, :except => [:create, :update, :delete, :upload, :download, :query] @@ -11,6 +12,9 @@ class ChangesetController < ApplicationController # Help methods for checking boundary sanity and area size include MapBoundary + # Helper methods for checking consistency + include ConsistencyValidations + # Create a changeset from XML. def create if request.put? @@ -28,6 +32,9 @@ class ChangesetController < ApplicationController end end + ## + # Return XML giving the basic info about the changeset. Does not + # return anything about the nodes, ways and relations in the changeset. def read begin changeset = Changeset.find(params[:id]) @@ -46,12 +53,9 @@ class ChangesetController < ApplicationController return end - changeset = Changeset.find(params[:id]) - - unless @user.id == changeset.user_id - raise OSM::APIUserChangesetMismatchError - end - + changeset = Changeset.find(params[:id]) + check_changeset_consistency(changeset, @user) + # to close the changeset, we'll just set its closed_at time to # now. this might not be enough if there are concurrency issues, # but we'll have to wait and see. @@ -70,17 +74,12 @@ class ChangesetController < ApplicationController # increase the size of the bounding box. this is a hint that clients can # set either before uploading a large number of changes, or changes that # the client (but not the server) knows will affect areas further away. - def include + def expand_bbox # only allow POST requests, because although this method is # idempotent, there is no "document" to PUT really... if request.post? cs = Changeset.find(params[:id]) - - # check user credentials - only the user who opened a changeset - # may alter it. - unless @user.id == cs.user_id - raise OSM::APIUserChangesetMismatchError - end + check_changeset_consistency(cs, @user) # keep an array of lons and lats lon = Array.new @@ -142,12 +141,7 @@ class ChangesetController < ApplicationController end changeset = Changeset.find(params[:id]) - - # access control - only the user who created a changeset may - # upload to it. - unless @user.id == changeset.user_id - raise OSM::APIUserChangesetMismatchError - end + check_changeset_consistency(changeset, @user) diff_reader = DiffReader.new(request.raw_post, changeset) Changeset.transaction do @@ -281,6 +275,7 @@ class ChangesetController < ApplicationController new_changeset = Changeset.from_xml(request.raw_post) unless new_changeset.nil? + check_changeset_consistency(changeset, @user) changeset.update_from(new_changeset, @user) render :text => changeset.to_xml, :mime_type => "text/xml" else