X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/e91c02f2ceb2b72a77846a0c31f5eca22b9b0a65..6cd694431ed325ce2013e9732b640234610271cc:/app/controllers/api/changesets_controller.rb diff --git a/app/controllers/api/changesets_controller.rb b/app/controllers/api/changesets_controller.rb index 63fda31bd..c9c806de6 100644 --- a/app/controllers/api/changesets_controller.rb +++ b/app/controllers/api/changesets_controller.rb @@ -4,14 +4,14 @@ module Api class ChangesetsController < ApiController require "xml/libxml" + before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe] + before_action :check_api_readable, :except => [:create, :update, :upload, :download, :query, :subscribe, :unsubscribe] before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] authorize_resource before_action :require_public_data, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] - before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe] - before_action :check_api_readable, :except => [:create, :update, :upload, :download, :query, :subscribe, :unsubscribe] - before_action :set_request_formats, :only => [:download] + before_action :set_request_formats, :except => [:create, :close, :upload] around_action :api_call_handle_error around_action :api_call_timeout, :except => [:upload] @@ -19,6 +19,20 @@ module Api # Helper methods for checking consistency include ConsistencyValidations + ## + # Return XML giving the basic info about the changeset. Does not + # return anything about the nodes, ways and relations in the changeset. + def show + @changeset = Changeset.find(params[:id]) + @include_discussion = params[:include_discussion].presence + render "changeset" + + respond_to do |format| + format.xml + format.json + end + end + # Create a changeset from XML. def create assert_method :put @@ -35,15 +49,6 @@ module Api render :plain => cs.id.to_s end - ## - # Return XML giving the basic info about the changeset. Does not - # return anything about the nodes, ways and relations in the changeset. - def show - @changeset = Changeset.find(params[:id]) - @include_discussion = params[:include_discussion].presence - render "changeset" - end - ## # marks a changeset as closed. this may be called multiple times # on the same changeset, so is idempotent. @@ -87,6 +92,10 @@ module Api diff_reader = DiffReader.new(request.raw_post, changeset) Changeset.transaction do result = diff_reader.commit + # the number of changes in this changeset has already been + # updated and is visible in this transaction so we don't need + # to allow for any more when checking the limit + check_rate_limit(0) render :xml => result.to_s end end @@ -152,6 +161,8 @@ module Api ## # query changesets by bounding box, time, user or open/closed status. def query + raise OSM::APIBadUserInput, "cannot use order=oldest with time" if params[:time] && params[:order] == "oldest" + # find any bounding box bbox = BoundingBox.from_bbox_params(params) if params["bbox"] @@ -161,16 +172,29 @@ module Api changesets = conditions_bbox(changesets, bbox) changesets = conditions_user(changesets, params["user"], params["display_name"]) changesets = conditions_time(changesets, params["time"]) + changesets = conditions_from_to(changesets, params["from"], params["to"]) changesets = conditions_open(changesets, params["open"]) changesets = conditions_closed(changesets, params["closed"]) changesets = conditions_ids(changesets, params["changesets"]) - # sort and limit the changesets - changesets = changesets.order("created_at DESC").limit(100) + # sort the changesets + changesets = if params[:order] == "oldest" + changesets.order(:created_at => :asc) + else + changesets.order(:created_at => :desc) + end + + # limit the result + changesets = changesets.limit(result_limit) # preload users, tags and comments, and render result @changesets = changesets.preload(:user, :changeset_tags, :comments) render "changesets" + + respond_to do |format| + format.xml + format.json + end end ## @@ -191,6 +215,11 @@ module Api check_changeset_consistency(@changeset, current_user) @changeset.update_from(new_changeset, current_user) render "changeset" + + respond_to do |format| + format.xml + format.json + end end ## @@ -212,6 +241,11 @@ module Api # Return a copy of the updated changeset @changeset = changeset render "changeset" + + respond_to do |format| + format.xml + format.json + end end ## @@ -233,6 +267,11 @@ module Api # Return a copy of the updated changeset @changeset = changeset render "changeset" + + respond_to do |format| + format.xml + format.json + end end private @@ -244,7 +283,6 @@ module Api ## # if a bounding box was specified do some sanity checks. # restrict changesets to those enclosed by a bounding box - # we need to return both the changesets and the bounding box def conditions_bbox(changesets, bbox) if bbox bbox.check_boundaries @@ -272,7 +310,7 @@ module Api # user input checking, we don't have any UIDs < 1 raise OSM::APIBadUserInput, "invalid user ID" if user.to_i < 1 - u = User.find(user.to_i) + u = User.find_by(:id => user.to_i) else u = User.find_by(:display_name => name) end @@ -290,12 +328,12 @@ module Api raise OSM::APINotFoundError if current_user.nil? || current_user != u end - changesets.where(:user_id => u.id) + changesets.where(:user => u) end end ## - # restrict changes to those closed during a particular time period + # restrict changesets to those during a particular time period def conditions_time(changesets, time) if time.nil? changesets @@ -307,11 +345,11 @@ module Api times = time.split(",") raise OSM::APIBadUserInput, "bad time range" if times.size != 2 - from, to = times.collect { |t| Time.parse(t) } + from, to = times.collect { |t| Time.parse(t).utc } changesets.where("closed_at >= ? and created_at <= ?", from, to) else # if there is no comma, assume its a lower limit on time - changesets.where("closed_at >= ?", Time.parse(time)) + changesets.where("closed_at >= ?", Time.parse(time).utc) end # stupid Time seems to throw both of these for bad parsing, so # we have to catch both and ensure the correct code path is taken. @@ -319,6 +357,33 @@ module Api raise OSM::APIBadUserInput, e.message.to_s end + ## + # restrict changesets to those opened during a particular time period + # works similar to from..to of notes controller, including the requirement of 'from' when specifying 'to' + def conditions_from_to(changesets, from, to) + if from + begin + from = Time.parse(from).utc + rescue ArgumentError + raise OSM::APIBadUserInput, "Date #{from} is in a wrong format" + end + + begin + to = if to + Time.parse(to).utc + else + Time.now.utc + end + rescue ArgumentError + raise OSM::APIBadUserInput, "Date #{to} is in a wrong format" + end + + changesets.where(:created_at => from..to) + else + changesets + end + end + ## # return changesets which are open (haven't been closed yet) # we do this by seeing if the 'closed at' time is in the future. Also if we've @@ -329,7 +394,7 @@ module Api changesets else changesets.where("closed_at >= ? and num_changes <= ?", - Time.now.getutc, Changeset::MAX_ELEMENTS) + Time.now.utc, Changeset::MAX_ELEMENTS) end end @@ -341,7 +406,7 @@ module Api changesets else changesets.where("closed_at < ? or num_changes > ?", - Time.now.getutc, Changeset::MAX_ELEMENTS) + Time.now.utc, Changeset::MAX_ELEMENTS) end end @@ -358,5 +423,19 @@ module Api changesets.where(:id => ids) end end + + ## + # Get the maximum number of results to return + def result_limit + if params[:limit] + if params[:limit].to_i.positive? && params[:limit].to_i <= Settings.max_changeset_query_limit + params[:limit].to_i + else + raise OSM::APIBadUserInput, "Changeset limit must be between 1 and #{Settings.max_changeset_query_limit}" + end + else + Settings.default_changeset_query_limit + end + end end end