Refactor api controllers to inherit from a common ApiController

author Andy Allan <git@gravitystorm.co.uk>

Wed, 20 Mar 2019 13:16:15 +0000 (14:16 +0100)

committer Andy Allan <git@gravitystorm.co.uk>

Wed, 20 Mar 2019 13:16:15 +0000 (14:16 +0100)
author Andy Allan <git@gravitystorm.co.uk>
Wed, 20 Mar 2019 13:16:15 +0000 (14:16 +0100)
committer Andy Allan <git@gravitystorm.co.uk>
Wed, 20 Mar 2019 13:16:15 +0000 (14:16 +0100)
diff --git a/app/controllers/api/amf_controller.rb b/app/controllers/api/amf_controller.rb

index 509cf1d77c7847a77f1b8d6f849b9aae6116850d..0cf511d76333cb7ba9d0975c9019fd3fabbc91b3 100644 (file)
--- a/app/controllers/api/amf_controller.rb
+++ b/app/controllers/api/amf_controller.rb
@@ -36,10 +36,9 @@
  # * version conflict when POIs and ways are reverted
  
  module Api
  # * version conflict when POIs and ways are reverted
  
  module Api
-  class AmfController < ApplicationController
+  class AmfController < ApiController
      include Potlatch
  
      include Potlatch
  
-    skip_before_action :verify_authenticity_token
      before_action :check_api_writable
  
      # AMF Controller implements its own authentication and authorization checks
      before_action :check_api_writable
  
      # AMF Controller implements its own authentication and authorization checks
diff --git a/app/controllers/api/capabilities_controller.rb b/app/controllers/api/capabilities_controller.rb

index 8337bc8091ee6d1229f5727fca88cb42cc41f54e..68968d107c3a0fc2e447ca560b4bab7d0e5acdc9 100644 (file)
--- a/app/controllers/api/capabilities_controller.rb
+++ b/app/controllers/api/capabilities_controller.rb
@@ -1,6 +1,5 @@
  module Api
  module Api
-  class CapabilitiesController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class CapabilitiesController < ApiController
      before_action :api_deny_access_handler
  
      authorize_resource :class => false
      before_action :api_deny_access_handler
  
      authorize_resource :class => false
diff --git a/app/controllers/api/changes_controller.rb b/app/controllers/api/changes_controller.rb

index c9195e1d9b97f6335a34a82f6f00d16e4724deca..97ddc176348b3319351350ebe8efaa2325b279d1 100644 (file)
--- a/app/controllers/api/changes_controller.rb
+++ b/app/controllers/api/changes_controller.rb
@@ -1,6 +1,5 @@
  module Api
  module Api
-  class ChangesController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class ChangesController < ApiController
      before_action :api_deny_access_handler
  
      authorize_resource :class => false
      before_action :api_deny_access_handler
  
      authorize_resource :class => false
diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb

index 0bebce433666f5d7d0fbbfa4854517c3b281efdf..db90dcbe3f3c88e00916a5aca3df9eea762e3bb6 100644 (file)
--- a/app/controllers/api/changeset_comments_controller.rb
+++ b/app/controllers/api/changeset_comments_controller.rb
@@ -1,6 +1,5 @@
  module Api
  module Api
-  class ChangesetCommentsController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class ChangesetCommentsController < ApiController
      before_action :authorize
      before_action :api_deny_access_handler
  
      before_action :authorize
      before_action :api_deny_access_handler
  
diff --git a/app/controllers/api/changesets_controller.rb b/app/controllers/api/changesets_controller.rb

index dd43f7ed0943e59829d3902ee2142717eb200bb8..0f016c9025d5e8dca63d2705658aab3b3aebd726 100644 (file)
--- a/app/controllers/api/changesets_controller.rb
+++ b/app/controllers/api/changesets_controller.rb
@@ -1,11 +1,10 @@
  # The ChangesetController is the RESTful interface to Changeset objects
  
  module Api
  # The ChangesetController is the RESTful interface to Changeset objects
  
  module Api
-  class ChangesetsController < ApplicationController
+  class ChangesetsController < ApiController
      layout "site"
      require "xml/libxml"
  
      layout "site"
      require "xml/libxml"
  
-    skip_before_action :verify_authenticity_token
      before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
      before_action :api_deny_access_handler, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox]
  
      before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
      before_action :api_deny_access_handler, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox]
  
diff --git a/app/controllers/api/map_controller.rb b/app/controllers/api/map_controller.rb

index e8d36c8ec375e5e69eb25b290d1c524695d9112c..1073660713d106cafa8781fd9d2c4aa7462fc2f6 100644 (file)
--- a/app/controllers/api/map_controller.rb
+++ b/app/controllers/api/map_controller.rb
@@ -1,6 +1,5 @@
  module Api
  module Api
-  class MapController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class MapController < ApiController
      before_action :api_deny_access_handler
  
      authorize_resource :class => false
      before_action :api_deny_access_handler
  
      authorize_resource :class => false
diff --git a/app/controllers/api/nodes_controller.rb b/app/controllers/api/nodes_controller.rb

index 4e46b38d56461c94f50f162169623f1f2ff8a05a..d081b28bb31b45f5c3e8d37a589aabdee0952a2b 100644 (file)
--- a/app/controllers/api/nodes_controller.rb
+++ b/app/controllers/api/nodes_controller.rb
@@ -1,10 +1,9 @@
  # The NodeController is the RESTful interface to Node objects
  
  module Api
  # The NodeController is the RESTful interface to Node objects
  
  module Api
-  class NodesController < ApplicationController
+  class NodesController < ApiController
      require "xml/libxml"
  
      require "xml/libxml"
  
-    skip_before_action :verify_authenticity_token
      before_action :authorize, :only => [:create, :update, :delete]
      before_action :api_deny_access_handler
  
      before_action :authorize, :only => [:create, :update, :delete]
      before_action :api_deny_access_handler
  
diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb

index 686e76b147d0141d960950309d485aa78a6f6c8f..92b68bd4616f892f9d9ae5ffd1ec0f399e94de37 100644 (file)
--- a/app/controllers/api/notes_controller.rb
+++ b/app/controllers/api/notes_controller.rb
@@ -1,8 +1,7 @@
  module Api
  module Api
-  class NotesController < ApplicationController
+  class NotesController < ApiController
      layout "site", :only => [:mine]
  
      layout "site", :only => [:mine]
  
-    skip_before_action :verify_authenticity_token
      before_action :check_api_readable
      before_action :setup_user_auth, :only => [:create, :comment, :show]
      before_action :authorize, :only => [:close, :reopen, :destroy]
      before_action :check_api_readable
      before_action :setup_user_auth, :only => [:create, :comment, :show]
      before_action :authorize, :only => [:close, :reopen, :destroy]
diff --git a/app/controllers/api/old_controller.rb b/app/controllers/api/old_controller.rb

index 9a86bded590ea8c143634480a01023514f1d2be5..9d9f2fabc656d6421ee6d987e94c85d63cb681ab 100644 (file)
--- a/app/controllers/api/old_controller.rb
+++ b/app/controllers/api/old_controller.rb
@@ -2,10 +2,9 @@
  # into one place. as it turns out, the API methods for historical
  # nodes, ways and relations are basically identical.
  module Api
  # into one place. as it turns out, the API methods for historical
  # nodes, ways and relations are basically identical.
  module Api
-  class OldController < ApplicationController
+  class OldController < ApiController
      require "xml/libxml"
  
      require "xml/libxml"
  
-    skip_before_action :verify_authenticity_token
      before_action :setup_user_auth, :only => [:history, :version]
      before_action :api_deny_access_handler
      before_action :authorize, :only => [:redact]
      before_action :setup_user_auth, :only => [:history, :version]
      before_action :api_deny_access_handler
      before_action :authorize, :only => [:redact]
diff --git a/app/controllers/api/permissions_controller.rb b/app/controllers/api/permissions_controller.rb

index b24aca776dcfef6afeb0d0c476aaaea6bd46d5b4..15f3812674ab3bd520cf52e04ad94b302498ba82 100644 (file)
--- a/app/controllers/api/permissions_controller.rb
+++ b/app/controllers/api/permissions_controller.rb
@@ -1,6 +1,5 @@
  module Api
  module Api
-  class PermissionsController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class PermissionsController < ApiController
      before_action :api_deny_access_handler
  
      authorize_resource :class => false
      before_action :api_deny_access_handler
  
      authorize_resource :class => false
diff --git a/app/controllers/api/relations_controller.rb b/app/controllers/api/relations_controller.rb

index a0740b382819f720d59013a3b70157834428c758..6f52f2f946a119c7d915f8586b4b7c7e4b09d495 100644 (file)
--- a/app/controllers/api/relations_controller.rb
+++ b/app/controllers/api/relations_controller.rb
@@ -1,8 +1,7 @@
  module Api
  module Api
-  class RelationsController < ApplicationController
+  class RelationsController < ApiController
      require "xml/libxml"
  
      require "xml/libxml"
  
-    skip_before_action :verify_authenticity_token
      before_action :authorize, :only => [:create, :update, :delete]
      before_action :api_deny_access_handler
  
      before_action :authorize, :only => [:create, :update, :delete]
      before_action :api_deny_access_handler
  
diff --git a/app/controllers/api/search_controller.rb b/app/controllers/api/search_controller.rb

index 0afbbf8e2a40990947c8bf9eeb88b883bd98f721..feb487ac0e4d44369a7d49b5296b28afd93aa548 100644 (file)
--- a/app/controllers/api/search_controller.rb
+++ b/app/controllers/api/search_controller.rb
@@ -1,9 +1,8 @@
  module Api
  module Api
-  class SearchController < ApplicationController
+  class SearchController < ApiController
      # Support searching for nodes, ways, or all
      # Can search by tag k, v, or both (type->k,value->v)
      # Can search by name (k=name,v=....)
      # Support searching for nodes, ways, or all
      # Can search by tag k, v, or both (type->k,value->v)
      # Can search by name (k=name,v=....)
-    skip_before_action :verify_authenticity_token
      authorize_resource :class => false
  
      def search_all
      authorize_resource :class => false
  
      def search_all
diff --git a/app/controllers/api/swf_controller.rb b/app/controllers/api/swf_controller.rb

index d48731b7023404cf72c7c388a6affd988502e718..2f8a5392da459274b423468d52664db6ad51b270 100644 (file)
--- a/app/controllers/api/swf_controller.rb
+++ b/app/controllers/api/swf_controller.rb
@@ -1,6 +1,5 @@
  module Api
  module Api
-  class SwfController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class SwfController < ApiController
      before_action :check_api_readable
      authorize_resource :class => false
  
      before_action :check_api_readable
      authorize_resource :class => false
  
diff --git a/app/controllers/api/tracepoints_controller.rb b/app/controllers/api/tracepoints_controller.rb

index c71b5a3e9a06d7e6c5e7e1d3fea08282ae4db29f..7799de2660a88102f1d1071c99f1df20983c09f0 100644 (file)
--- a/app/controllers/api/tracepoints_controller.rb
+++ b/app/controllers/api/tracepoints_controller.rb
@@ -1,6 +1,5 @@
  module Api
  module Api
-  class TracepointsController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class TracepointsController < ApiController
      before_action :api_deny_access_handler
  
      authorize_resource
      before_action :api_deny_access_handler
  
      authorize_resource
diff --git a/app/controllers/api/traces_controller.rb b/app/controllers/api/traces_controller.rb

index d7f2f043a3182b28cd15710e05ab69f66e339cbf..88b6edc67903782a0e7b90d4a5d0aa269b8a30b2 100644 (file)
--- a/app/controllers/api/traces_controller.rb
+++ b/app/controllers/api/traces_controller.rb
@@ -1,8 +1,7 @@
  module Api
  module Api
-  class TracesController < ApplicationController
+  class TracesController < ApiController
      layout "site", :except => :georss
  
      layout "site", :except => :georss
  
-    skip_before_action :verify_authenticity_token
      before_action :authorize_web
      before_action :set_locale
      before_action :authorize
      before_action :authorize_web
      before_action :set_locale
      before_action :authorize
diff --git a/app/controllers/api/user_preferences_controller.rb b/app/controllers/api/user_preferences_controller.rb

index 82f6c6a4d78255d6fdc8b17087888679f54ed4f6..39e0dff300d83078e3fffcb54b5b4d04d29a74cf 100644 (file)
--- a/app/controllers/api/user_preferences_controller.rb
+++ b/app/controllers/api/user_preferences_controller.rb
@@ -1,7 +1,6 @@
  # Update and read user preferences, which are arbitrayr key/val pairs
  module Api
  # Update and read user preferences, which are arbitrayr key/val pairs
  module Api
-  class UserPreferencesController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class UserPreferencesController < ApiController
      before_action :authorize
  
      authorize_resource
      before_action :authorize
  
      authorize_resource
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb

index 70ad93f65e4862c33f73bd40d8a52f302f7317c6..5c3a6cb8e7e12d01f775c43f8457dad490f2dd6a 100644 (file)
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,8 +1,7 @@
  module Api
  module Api
-  class UsersController < ApplicationController
+  class UsersController < ApiController
      layout "site", :except => [:api_details]
  
      layout "site", :except => [:api_details]
  
-    skip_before_action :verify_authenticity_token
      before_action :disable_terms_redirect, :only => [:api_details]
      before_action :authorize, :only => [:api_details, :api_gpx_files]
      before_action :api_deny_access_handler
      before_action :disable_terms_redirect, :only => [:api_details]
      before_action :authorize, :only => [:api_details, :api_gpx_files]
      before_action :api_deny_access_handler
diff --git a/app/controllers/api/ways_controller.rb b/app/controllers/api/ways_controller.rb

index 8684c5cfb13a9ea3575af5838b6c89df3887aeae..2de2d619becf6408927f18ded462a45478bd8c28 100644 (file)
--- a/app/controllers/api/ways_controller.rb
+++ b/app/controllers/api/ways_controller.rb
@@ -1,8 +1,7 @@
  module Api
  module Api
-  class WaysController < ApplicationController
+  class WaysController < ApiController
      require "xml/libxml"
  
      require "xml/libxml"
  
-    skip_before_action :verify_authenticity_token
      before_action :authorize, :only => [:create, :update, :delete]
      before_action :api_deny_access_handler
  
      before_action :authorize, :only => [:create, :update, :delete]
      before_action :api_deny_access_handler
  
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb

new file mode 100644 (file)

index 0000000..fb3717b
--- /dev/null
+++ b/app/controllers/api_controller.rb
@@ -0,0 +1,3 @@
+class ApiController < ApplicationController
+  skip_before_action :verify_authenticity_token
+end
author	Andy Allan <git@gravitystorm.co.uk>
	Wed, 20 Mar 2019 13:16:15 +0000 (14:16 +0100)
committer	Andy Allan <git@gravitystorm.co.uk>
	Wed, 20 Mar 2019 13:16:15 +0000 (14:16 +0100)
app/controllers/api/amf_controller.rb		patch \| blob \| history
app/controllers/api/capabilities_controller.rb		patch \| blob \| history
app/controllers/api/changes_controller.rb		patch \| blob \| history
app/controllers/api/changeset_comments_controller.rb		patch \| blob \| history
app/controllers/api/changesets_controller.rb		patch \| blob \| history
app/controllers/api/map_controller.rb		patch \| blob \| history
app/controllers/api/nodes_controller.rb		patch \| blob \| history
app/controllers/api/notes_controller.rb		patch \| blob \| history
app/controllers/api/old_controller.rb		patch \| blob \| history
app/controllers/api/permissions_controller.rb		patch \| blob \| history
app/controllers/api/relations_controller.rb		patch \| blob \| history
app/controllers/api/search_controller.rb		patch \| blob \| history
app/controllers/api/swf_controller.rb		patch \| blob \| history
app/controllers/api/tracepoints_controller.rb		patch \| blob \| history
app/controllers/api/traces_controller.rb		patch \| blob \| history
app/controllers/api/user_preferences_controller.rb		patch \| blob \| history
app/controllers/api/users_controller.rb		patch \| blob \| history
app/controllers/api/ways_controller.rb		patch \| blob \| history
app/controllers/api_controller.rb	[new file with mode: 0644]	patch \| blob