From: Tom Hughes Date: Tue, 12 Apr 2022 16:12:16 +0000 (+0100) Subject: Merge remote-tracking branch 'upstream/pull/3523' X-Git-Tag: live~1761 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/9c0582f88fd2ef4e20c6eb922bcd4cb1a04258d5?hp=561ee71129c7d40380d384ce93c1f062651de32b Merge remote-tracking branch 'upstream/pull/3523' --- diff --git a/Gemfile.lock b/Gemfile.lock index 34ff51957..9a04b3765 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -86,7 +86,7 @@ GEM autoprefixer-rails (10.4.2.0) execjs (~> 2) aws-eventstream (1.2.0) - aws-partitions (1.573.0) + aws-partitions (1.575.0) aws-sdk-core (3.130.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.525.0) @@ -124,7 +124,7 @@ GEM bootstrap_form (4.5.0) actionpack (>= 5.2) activemodel (>= 5.2) - brakeman (5.2.1) + brakeman (5.2.2) browser (5.3.1) builder (3.2.4) bzip2-ffi (1.1.0) @@ -218,7 +218,7 @@ GEM faraday (2.2.0) faraday-net_http (~> 2.0) ruby2_keywords (>= 0.0.4) - faraday-net_http (2.0.1) + faraday-net_http (2.0.2) ffi (1.15.5) ffi-compiler (1.0.1) ffi (>= 1.0.0) @@ -287,7 +287,7 @@ GEM mini_mime (1.1.2) mini_portile2 (2.8.0) minitest (5.15.0) - msgpack (1.4.5) + msgpack (1.5.1) multi_json (1.15.0) multi_xml (0.6.0) net-imap (0.2.3) @@ -305,7 +305,7 @@ GEM net-protocol timeout nio4r (2.5.8) - nokogiri (1.13.3) + nokogiri (1.13.4) mini_portile2 (~> 2.8.0) racc (~> 1.4) oauth (0.4.7) @@ -359,7 +359,7 @@ GEM pg (1.3.5) popper_js (1.16.0) progress (3.6.0) - public_suffix (4.0.6) + public_suffix (4.0.7) puma (5.6.4) nio4r (~> 2.0) quad_tile (1.0.1) @@ -414,13 +414,13 @@ GEM rb-fsevent (0.11.1) rb-inotify (0.10.1) ffi (~> 1.0) - regexp_parser (2.2.1) + regexp_parser (2.3.0) request_store (1.5.1) rack (>= 1.4) rexml (3.2.5) rinku (2.0.6) rotp (6.2.0) - rubocop (1.26.1) + rubocop (1.27.0) parallel (~> 1.10) parser (>= 3.1.0.0) rainbow (>= 2.2.2, < 4.0) @@ -429,9 +429,9 @@ GEM rubocop-ast (>= 1.16.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.16.0) + rubocop-ast (1.17.0) parser (>= 3.1.1.0) - rubocop-minitest (0.18.0) + rubocop-minitest (0.19.1) rubocop (>= 0.90, < 2.0) rubocop-performance (1.13.3) rubocop (>= 1.7.0, < 2.0) diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb index 4cd33a92b..8b971834d 100644 --- a/app/controllers/api/changeset_comments_controller.rb +++ b/app/controllers/api/changeset_comments_controller.rb @@ -1,12 +1,13 @@ module Api class ChangesetCommentsController < ApiController + before_action :check_api_writable + before_action :check_api_readable, :except => [:create] before_action :authorize authorize_resource before_action :require_public_data, :only => [:create] - before_action :check_api_writable - before_action :check_api_readable, :except => [:create] + before_action :set_request_formats around_action :api_call_handle_error around_action :api_call_timeout @@ -41,6 +42,11 @@ module Api # Return a copy of the updated changeset @changeset = changeset render "api/changesets/changeset" + + respond_to do |format| + format.xml + format.json + end end ## @@ -61,6 +67,11 @@ module Api # Return a copy of the updated changeset @changeset = comment.changeset render "api/changesets/changeset" + + respond_to do |format| + format.xml + format.json + end end ## @@ -81,6 +92,11 @@ module Api # Return a copy of the updated changeset @changeset = comment.changeset render "api/changesets/changeset" + + respond_to do |format| + format.xml + format.json + end end end end diff --git a/app/controllers/api/changesets_controller.rb b/app/controllers/api/changesets_controller.rb index df27ab5ca..24e7fb925 100644 --- a/app/controllers/api/changesets_controller.rb +++ b/app/controllers/api/changesets_controller.rb @@ -4,14 +4,14 @@ module Api class ChangesetsController < ApiController require "xml/libxml" + before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe] + before_action :check_api_readable, :except => [:create, :update, :upload, :download, :query, :subscribe, :unsubscribe] before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] authorize_resource before_action :require_public_data, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] - before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe] - before_action :check_api_readable, :except => [:create, :update, :upload, :download, :query, :subscribe, :unsubscribe] - before_action :set_request_formats, :only => [:download] + before_action :set_request_formats, :except => [:create, :close, :upload] around_action :api_call_handle_error around_action :api_call_timeout, :except => [:upload] @@ -42,6 +42,11 @@ module Api @changeset = Changeset.find(params[:id]) @include_discussion = params[:include_discussion].presence render "changeset" + + respond_to do |format| + format.xml + format.json + end end ## @@ -171,6 +176,11 @@ module Api # preload users, tags and comments, and render result @changesets = changesets.preload(:user, :changeset_tags, :comments) render "changesets" + + respond_to do |format| + format.xml + format.json + end end ## @@ -191,6 +201,11 @@ module Api check_changeset_consistency(@changeset, current_user) @changeset.update_from(new_changeset, current_user) render "changeset" + + respond_to do |format| + format.xml + format.json + end end ## @@ -212,6 +227,11 @@ module Api # Return a copy of the updated changeset @changeset = changeset render "changeset" + + respond_to do |format| + format.xml + format.json + end end ## @@ -233,6 +253,11 @@ module Api # Return a copy of the updated changeset @changeset = changeset render "changeset" + + respond_to do |format| + format.xml + format.json + end end private diff --git a/app/controllers/api/map_controller.rb b/app/controllers/api/map_controller.rb index 1b5150537..0d123fc3e 100644 --- a/app/controllers/api/map_controller.rb +++ b/app/controllers/api/map_controller.rb @@ -1,8 +1,9 @@ module Api class MapController < ApiController + before_action :check_api_readable + authorize_resource :class => false - before_action :check_api_readable around_action :api_call_handle_error, :api_call_timeout before_action :set_request_formats diff --git a/app/controllers/api/nodes_controller.rb b/app/controllers/api/nodes_controller.rb index 62eb76505..92779dd67 100644 --- a/app/controllers/api/nodes_controller.rb +++ b/app/controllers/api/nodes_controller.rb @@ -4,13 +4,13 @@ module Api class NodesController < ApiController require "xml/libxml" + before_action :check_api_writable, :only => [:create, :update, :delete] + before_action :check_api_readable, :except => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete] authorize_resource before_action :require_public_data, :only => [:create, :update, :delete] - before_action :check_api_writable, :only => [:create, :update, :delete] - before_action :check_api_readable, :except => [:create, :update, :delete] around_action :api_call_handle_error, :api_call_timeout before_action :set_request_formats, :except => [:create, :update, :delete] diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb index 8a41d5db8..7454e7f19 100644 --- a/app/controllers/api/notes_controller.rb +++ b/app/controllers/api/notes_controller.rb @@ -1,12 +1,12 @@ module Api class NotesController < ApiController before_action :check_api_readable + before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy] before_action :setup_user_auth, :only => [:create, :comment, :show] before_action :authorize, :only => [:close, :reopen, :destroy, :comment] authorize_resource - before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy] before_action :set_locale around_action :api_call_handle_error, :api_call_timeout diff --git a/app/controllers/api/old_controller.rb b/app/controllers/api/old_controller.rb index f8e42476f..ceed10978 100644 --- a/app/controllers/api/old_controller.rb +++ b/app/controllers/api/old_controller.rb @@ -5,13 +5,13 @@ module Api class OldController < ApiController require "xml/libxml" + before_action :check_api_readable + before_action :check_api_writable, :only => [:redact] before_action :setup_user_auth, :only => [:history, :version] before_action :authorize, :only => [:redact] authorize_resource - before_action :check_api_readable - before_action :check_api_writable, :only => [:redact] around_action :api_call_handle_error, :api_call_timeout before_action :lookup_old_element, :except => [:history] before_action :lookup_old_element_versions, :only => [:history] diff --git a/app/controllers/api/permissions_controller.rb b/app/controllers/api/permissions_controller.rb index 07685ed68..8c0c949dc 100644 --- a/app/controllers/api/permissions_controller.rb +++ b/app/controllers/api/permissions_controller.rb @@ -1,8 +1,9 @@ module Api class PermissionsController < ApiController + before_action :check_api_readable + authorize_resource :class => false - before_action :check_api_readable before_action :setup_user_auth before_action :set_request_formats around_action :api_call_handle_error, :api_call_timeout diff --git a/app/controllers/api/relations_controller.rb b/app/controllers/api/relations_controller.rb index 9bb3eb87c..5dd5632ba 100644 --- a/app/controllers/api/relations_controller.rb +++ b/app/controllers/api/relations_controller.rb @@ -2,13 +2,13 @@ module Api class RelationsController < ApiController require "xml/libxml" + before_action :check_api_writable, :only => [:create, :update, :delete] + before_action :check_api_readable, :except => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete] authorize_resource before_action :require_public_data, :only => [:create, :update, :delete] - before_action :check_api_writable, :only => [:create, :update, :delete] - before_action :check_api_readable, :except => [:create, :update, :delete] around_action :api_call_handle_error, :api_call_timeout before_action :set_request_formats, :except => [:create, :update, :delete] diff --git a/app/controllers/api/tracepoints_controller.rb b/app/controllers/api/tracepoints_controller.rb index e758d559f..e8bd97b64 100644 --- a/app/controllers/api/tracepoints_controller.rb +++ b/app/controllers/api/tracepoints_controller.rb @@ -1,8 +1,9 @@ module Api class TracepointsController < ApiController + before_action :check_api_readable + authorize_resource - before_action :check_api_readable around_action :api_call_handle_error, :api_call_timeout # Get an XML response containing a list of tracepoints that have been uploaded diff --git a/app/controllers/api/traces_controller.rb b/app/controllers/api/traces_controller.rb index 6a0ec81ec..8121764a1 100644 --- a/app/controllers/api/traces_controller.rb +++ b/app/controllers/api/traces_controller.rb @@ -1,13 +1,13 @@ module Api class TracesController < ApiController + before_action :check_database_readable, :except => [:show, :data] + before_action :check_database_writable, :only => [:create, :update, :destroy] before_action :authorize_web before_action :set_locale before_action :authorize authorize_resource - before_action :check_database_readable, :except => [:show, :data] - before_action :check_database_writable, :only => [:create, :update, :destroy] before_action :check_api_readable, :only => [:show, :data] before_action :check_api_writable, :only => [:create, :update, :destroy] before_action :offline_error, :only => [:create, :destroy, :data] diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb index a452cb930..d4baf4a82 100644 --- a/app/controllers/api/users_controller.rb +++ b/app/controllers/api/users_controller.rb @@ -1,12 +1,12 @@ module Api class UsersController < ApiController + before_action :check_api_readable before_action :disable_terms_redirect, :only => [:details] before_action :setup_user_auth, :only => [:show, :index] before_action :authorize, :only => [:details, :gpx_files] authorize_resource - before_action :check_api_readable around_action :api_call_handle_error before_action :lookup_user_by_id, :only => [:show] diff --git a/app/controllers/api/ways_controller.rb b/app/controllers/api/ways_controller.rb index f88f3a1d0..ca4acd611 100644 --- a/app/controllers/api/ways_controller.rb +++ b/app/controllers/api/ways_controller.rb @@ -2,13 +2,13 @@ module Api class WaysController < ApiController require "xml/libxml" + before_action :check_api_writable, :only => [:create, :update, :delete] + before_action :check_api_readable, :except => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete] authorize_resource before_action :require_public_data, :only => [:create, :update, :delete] - before_action :check_api_writable, :only => [:create, :update, :delete] - before_action :check_api_readable, :except => [:create, :update, :delete] around_action :api_call_handle_error, :api_call_timeout before_action :set_request_formats, :except => [:create, :update, :delete] diff --git a/app/views/api/changesets/_changeset.json.jbuilder b/app/views/api/changesets/_changeset.json.jbuilder new file mode 100644 index 000000000..25b366011 --- /dev/null +++ b/app/views/api/changesets/_changeset.json.jbuilder @@ -0,0 +1,33 @@ +# basic attributes +json.id changeset.id +json.created_at changeset.created_at.xmlschema +json.open changeset.open? +json.comments_count changeset.comments.length +json.changes_count changeset.num_changes + +json.closed_at changeset.closed_at.xmlschema unless changeset.open? +if changeset.bbox.complete? + json.min_lat GeoRecord::Coord.new(changeset.bbox.to_unscaled.min_lat) + json.min_lon GeoRecord::Coord.new(changeset.bbox.to_unscaled.min_lon) + json.max_lat GeoRecord::Coord.new(changeset.bbox.to_unscaled.max_lat) + json.max_lon GeoRecord::Coord.new(changeset.bbox.to_unscaled.max_lon) +end + +# user attributes +if changeset.user.data_public? + json.uid changeset.user_id + json.user changeset.user.display_name +end + +json.tags changeset.tags unless changeset.tags.empty? + +if @include_discussion + json.comments(changeset.comments) do |comment| + json.date comment.created_at.xmlschema + if comment.author.data_public? + json.uid comment.author.id + json.user comment.author.display_name + end + json.text comment.body + end +end diff --git a/app/views/api/changesets/_changeset.builder b/app/views/api/changesets/_changeset.xml.builder similarity index 100% rename from app/views/api/changesets/_changeset.builder rename to app/views/api/changesets/_changeset.xml.builder diff --git a/app/views/api/changesets/changeset.json.jbuilder b/app/views/api/changesets/changeset.json.jbuilder new file mode 100644 index 000000000..7a840c12f --- /dev/null +++ b/app/views/api/changesets/changeset.json.jbuilder @@ -0,0 +1,5 @@ +json.partial! "api/root_attributes" + +json.changeset do + json.partial! @changeset +end diff --git a/app/views/api/changesets/changeset.builder b/app/views/api/changesets/changeset.xml.builder similarity index 100% rename from app/views/api/changesets/changeset.builder rename to app/views/api/changesets/changeset.xml.builder diff --git a/app/views/api/changesets/changesets.json.jbuilder b/app/views/api/changesets/changesets.json.jbuilder new file mode 100644 index 000000000..f52d69865 --- /dev/null +++ b/app/views/api/changesets/changesets.json.jbuilder @@ -0,0 +1,5 @@ +json.partial! "api/root_attributes" + +json.changesets(@changesets) do |changeset| + json.partial! changeset +end diff --git a/app/views/api/changesets/changesets.builder b/app/views/api/changesets/changesets.xml.builder similarity index 100% rename from app/views/api/changesets/changesets.builder rename to app/views/api/changesets/changesets.xml.builder diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb index 3609b253e..ed302715a 100644 --- a/app/views/layouts/_header.html.erb +++ b/app/views/layouts/_header.html.erb @@ -36,7 +36,7 @@