# * version conflict when POIs and ways are reverted
module Api
- class AmfController < ApplicationController
+ class AmfController < ApiController
include Potlatch
- skip_before_action :verify_authenticity_token
before_action :check_api_writable
# AMF Controller implements its own authentication and authorization checks
module Api
- class CapabilitiesController < ApplicationController
- skip_before_action :verify_authenticity_token
+ class CapabilitiesController < ApiController
before_action :api_deny_access_handler
authorize_resource :class => false
module Api
- class ChangesController < ApplicationController
- skip_before_action :verify_authenticity_token
+ class ChangesController < ApiController
before_action :api_deny_access_handler
authorize_resource :class => false
module Api
- class ChangesetCommentsController < ApplicationController
- skip_before_action :verify_authenticity_token
+ class ChangesetCommentsController < ApiController
before_action :authorize
before_action :api_deny_access_handler
# The ChangesetController is the RESTful interface to Changeset objects
module Api
- class ChangesetsController < ApplicationController
+ class ChangesetsController < ApiController
layout "site"
require "xml/libxml"
- skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
before_action :api_deny_access_handler, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox]
module Api
- class MapController < ApplicationController
- skip_before_action :verify_authenticity_token
+ class MapController < ApiController
before_action :api_deny_access_handler
authorize_resource :class => false
# The NodeController is the RESTful interface to Node objects
module Api
- class NodesController < ApplicationController
+ class NodesController < ApiController
require "xml/libxml"
- skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :delete]
before_action :api_deny_access_handler
module Api
- class NotesController < ApplicationController
+ class NotesController < ApiController
layout "site", :only => [:mine]
- skip_before_action :verify_authenticity_token
before_action :check_api_readable
before_action :setup_user_auth, :only => [:create, :comment, :show]
before_action :authorize, :only => [:close, :reopen, :destroy]
# into one place. as it turns out, the API methods for historical
# nodes, ways and relations are basically identical.
module Api
- class OldController < ApplicationController
+ class OldController < ApiController
require "xml/libxml"
- skip_before_action :verify_authenticity_token
before_action :setup_user_auth, :only => [:history, :version]
before_action :api_deny_access_handler
before_action :authorize, :only => [:redact]
module Api
- class PermissionsController < ApplicationController
- skip_before_action :verify_authenticity_token
+ class PermissionsController < ApiController
before_action :api_deny_access_handler
authorize_resource :class => false
module Api
- class RelationsController < ApplicationController
+ class RelationsController < ApiController
require "xml/libxml"
- skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :delete]
before_action :api_deny_access_handler
module Api
- class SearchController < ApplicationController
+ class SearchController < ApiController
# Support searching for nodes, ways, or all
# Can search by tag k, v, or both (type->k,value->v)
# Can search by name (k=name,v=....)
- skip_before_action :verify_authenticity_token
authorize_resource :class => false
def search_all
module Api
- class SwfController < ApplicationController
- skip_before_action :verify_authenticity_token
+ class SwfController < ApiController
before_action :check_api_readable
authorize_resource :class => false
module Api
- class TracepointsController < ApplicationController
- skip_before_action :verify_authenticity_token
+ class TracepointsController < ApiController
before_action :api_deny_access_handler
authorize_resource
module Api
- class TracesController < ApplicationController
+ class TracesController < ApiController
layout "site", :except => :georss
- skip_before_action :verify_authenticity_token
before_action :authorize_web
before_action :set_locale
before_action :authorize
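Review bot: TracesController keeps `before_action :authorize_web` and `layout "site", :except => :georss` while now inheriting the blanket `skip_before_action :verify_authenticity_token` from ApiController. If `authorize_web` authenticates from the browser session (its definition is not visible here), the state-changing actions in this controller run without CSRF token verification. The commit preserves the earlier behaviour rather than introducing it, but a skip held in a shared base class is easier to overlook, so consider moving the session-authenticated actions to a controller that inherits from ApplicationController. ChangesetsController, NotesController and UsersController also declare `layout "site"` and deserve the same check. The class body continues outside the hunk.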
# Update and read user preferences, which are arbitrayr key/val pairs
module Api
- class UserPreferencesController < ApplicationController
- skip_before_action :verify_authenticity_token
+ class UserPreferencesController < ApiController
before_action :authorize
authorize_resource
module Api
- class UsersController < ApplicationController
+ class UsersController < ApiController
layout "site", :except => [:api_details]
- skip_before_action :verify_authenticity_token
before_action :disable_terms_redirect, :only => [:api_details]
before_action :authorize, :only => [:api_details, :api_gpx_files]
before_action :api_deny_access_handler
module Api
- class WaysController < ApplicationController
+ class WaysController < ApiController
require "xml/libxml"
- skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :delete]
before_action :api_deny_access_handler
--- /dev/null
+class ApiController < ApplicationController
+ skip_before_action :verify_authenticity_token
+end
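Review bot: The new ApiController disables CSRF verification for every subclass without saying why that is safe, so a later controller that inherits from it and accepts cookie-based sessions would lose protection silently. Add a class comment stating the invariant, for example `# API requests authenticate on every request and do not rely on the browser session, so the CSRF token check is skipped; controllers that use the session must not inherit from this class.` That wording assumes API authentication never falls back to the session cookie, which this diff does not show, so confirm it before committing the comment.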