X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/a4e5e8437f8c1836c6389f7aa49cc3884f3a7cf7..c0b4c1b9059890e1fb683a9822b966d4efd2698c:/app/controllers/changeset_controller.rb diff --git a/app/controllers/changeset_controller.rb b/app/controllers/changeset_controller.rb index fad797cdc..f7f4dc9f0 100644 --- a/app/controllers/changeset_controller.rb +++ b/app/controllers/changeset_controller.rb @@ -3,6 +3,7 @@ class ChangesetController < ApplicationController require 'xml/libxml' + session :off before_filter :authorize, :only => [:create, :update, :delete, :upload, :include, :close] before_filter :check_write_availability, :only => [:create, :update, :delete, :upload, :include] before_filter :check_read_availability, :except => [:create, :update, :delete, :upload, :download, :query] @@ -11,6 +12,9 @@ class ChangesetController < ApplicationController # Help methods for checking boundary sanity and area size include MapBoundary + # Helper methods for checking consistency + include ConsistencyValidations + # Create a changeset from XML. def create if request.put? @@ -28,6 +32,9 @@ class ChangesetController < ApplicationController end end + ## + # Return XML giving the basic info about the changeset. Does not + # return anything about the nodes, ways and relations in the changeset. def read begin changeset = Changeset.find(params[:id]) @@ -46,12 +53,9 @@ class ChangesetController < ApplicationController return end - changeset = Changeset.find(params[:id]) - - unless @user.id == changeset.user_id - raise OSM::APIUserChangesetMismatchError - end - + changeset = Changeset.find(params[:id]) + check_changeset_consistency(changeset, @user) + # to close the changeset, we'll just set its closed_at time to # now. this might not be enough if there are concurrency issues, # but we'll have to wait and see. @@ -75,12 +79,7 @@ class ChangesetController < ApplicationController # idempotent, there is no "document" to PUT really... if request.post? cs = Changeset.find(params[:id]) - - # check user credentials - only the user who opened a changeset - # may alter it. - unless @user.id == cs.user_id - raise OSM::APIUserChangesetMismatchError - end + check_changeset_consistency(cs, @user) # keep an array of lons and lats lon = Array.new @@ -142,12 +141,7 @@ class ChangesetController < ApplicationController end changeset = Changeset.find(params[:id]) - - # access control - only the user who created a changeset may - # upload to it. - unless @user.id == changeset.user_id - raise OSM::APIUserChangesetMismatchError - end + check_changeset_consistency(changeset, @user) diff_reader = DiffReader.new(request.raw_post, changeset) Changeset.transaction do @@ -281,6 +275,7 @@ class ChangesetController < ApplicationController new_changeset = Changeset.from_xml(request.raw_post) unless new_changeset.nil? + check_changeset_consistency(changeset, @user) changeset.update_from(new_changeset, @user) render :text => changeset.to_xml, :mime_type => "text/xml" else