X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/edaddbedaec78a252e988e2271962407e64483fd..fd588cd715494092b5f55ac406f7dc69a1104ba9:/app/controllers/node_controller.rb?ds=inline diff --git a/app/controllers/node_controller.rb b/app/controllers/node_controller.rb index 8eb698920..4880c46be 100644 --- a/app/controllers/node_controller.rb +++ b/app/controllers/node_controller.rb @@ -1,14 +1,15 @@ # The NodeController is the RESTful interface to Node objects class NodeController < ApplicationController - require 'xml/libxml' + require "xml/libxml" - before_filter :authorize, :only => [:create, :update, :delete] - before_filter :require_public_data, :only => [:create, :update, :delete] - before_filter :check_api_writable, :only => [:create, :update, :delete] - before_filter :check_api_readable, :except => [:create, :update, :delete] - after_filter :compress_output - around_filter :api_call_handle_error, :api_call_timeout + skip_before_action :verify_authenticity_token + before_action :authorize, :only => [:create, :update, :delete] + before_action :require_allow_write_api, :only => [:create, :update, :delete] + before_action :require_public_data, :only => [:create, :update, :delete] + before_action :check_api_writable, :only => [:create, :update, :delete] + before_action :check_api_readable, :except => [:create, :update, :delete] + around_action :api_call_handle_error, :api_call_timeout # Create a node from XML. def create @@ -24,35 +25,37 @@ class NodeController < ApplicationController # Dump the details on a node given in params[:id] def read node = Node.find(params[:id]) - if node.visible? - response.headers['Last-Modified'] = node.timestamp.rfc822 + + response.last_modified = node.timestamp + + if node.visible render :text => node.to_xml.to_s, :content_type => "text/xml" else render :text => "", :status => :gone end end - + # Update a node from given XML def update node = Node.find(params[:id]) new_node = Node.from_xml(request.raw_post) - - unless new_node and new_node.id == node.id - raise OSM::BadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})") + + unless new_node && new_node.id == node.id + fail OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})") end node.update_from(new_node, @user) render :text => node.version.to_s, :content_type => "text/plain" end - # Delete a node. Doesn't actually delete it, but retains its history + # Delete a node. Doesn't actually delete it, but retains its history # in a wiki-like way. We therefore treat it like an update, so the delete # method returns the new version number. def delete node = Node.find(params[:id]) new_node = Node.from_xml(request.raw_post) - - unless new_node and new_node.id == node.id - raise OSM::BadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})") + + unless new_node && new_node.id == node.id + fail OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})") end node.delete_with_history!(new_node, @user) render :text => node.version.to_s, :content_type => "text/plain" @@ -60,10 +63,14 @@ class NodeController < ApplicationController # Dump the details on many nodes whose ids are given in the "nodes" parameter. def nodes - ids = params['nodes'].split(',').collect { |n| n.to_i } + unless params["nodes"] + fail OSM::APIBadUserInput.new("The parameter nodes is required, and must be of the form nodes=id[,id[,id...]]") + end + + ids = params["nodes"].split(",").collect(&:to_i) if ids.length == 0 - raise OSM::BadUserInput.new("No nodes were given to search for") + fail OSM::APIBadUserInput.new("No nodes were given to search for") end doc = OSM::API.new.get_xml_doc