From: Andy Allan Date: Wed, 29 May 2024 13:54:16 +0000 (+0100) Subject: Move check_api_readable to api_controller X-Git-Tag: live~425^2 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/c1cccd40fc6af6b9790c9902581cf2e49006c084 Move check_api_readable to api_controller It's easier to skip the check in the two places that we need to, and include it by default everywhere else. --- diff --git a/app/controllers/api/capabilities_controller.rb b/app/controllers/api/capabilities_controller.rb index 80222c40b..cbdcace0c 100644 --- a/app/controllers/api/capabilities_controller.rb +++ b/app/controllers/api/capabilities_controller.rb @@ -1,5 +1,7 @@ module Api class CapabilitiesController < ApiController + skip_before_action :check_api_readable + authorize_resource :class => false before_action :set_request_formats diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb index c1980e80b..4a96ec3bb 100644 --- a/app/controllers/api/changeset_comments_controller.rb +++ b/app/controllers/api/changeset_comments_controller.rb @@ -1,6 +1,5 @@ module Api class ChangesetCommentsController < ApiController - before_action :check_api_readable before_action :check_api_writable before_action :authorize diff --git a/app/controllers/api/changesets_controller.rb b/app/controllers/api/changesets_controller.rb index 71ffc6d13..3d59eeb17 100644 --- a/app/controllers/api/changesets_controller.rb +++ b/app/controllers/api/changesets_controller.rb @@ -2,7 +2,6 @@ module Api class ChangesetsController < ApiController - before_action :check_api_readable before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe] before_action :setup_user_auth, :only => [:show] before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] diff --git a/app/controllers/api/map_controller.rb b/app/controllers/api/map_controller.rb index 5a05f6de2..6d4a9feb6 100644 --- a/app/controllers/api/map_controller.rb +++ b/app/controllers/api/map_controller.rb @@ -1,7 +1,5 @@ module Api class MapController < ApiController - before_action :check_api_readable - authorize_resource :class => false around_action :api_call_handle_error, :api_call_timeout diff --git a/app/controllers/api/nodes_controller.rb b/app/controllers/api/nodes_controller.rb index 1ccc2152d..5aad78dbf 100644 --- a/app/controllers/api/nodes_controller.rb +++ b/app/controllers/api/nodes_controller.rb @@ -2,7 +2,6 @@ module Api class NodesController < ApiController - before_action :check_api_readable before_action :check_api_writable, :only => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete] diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb index 8a0a82c40..d53059a94 100644 --- a/app/controllers/api/notes_controller.rb +++ b/app/controllers/api/notes_controller.rb @@ -1,6 +1,5 @@ module Api class NotesController < ApiController - before_action :check_api_readable before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy] before_action :setup_user_auth, :only => [:create, :show] before_action :authorize, :only => [:close, :reopen, :destroy, :comment] diff --git a/app/controllers/api/old_elements_controller.rb b/app/controllers/api/old_elements_controller.rb index 6a468a900..2343252db 100644 --- a/app/controllers/api/old_elements_controller.rb +++ b/app/controllers/api/old_elements_controller.rb @@ -3,7 +3,6 @@ # nodes, ways and relations are basically identical. module Api class OldElementsController < ApiController - before_action :check_api_readable before_action :check_api_writable, :only => [:redact] before_action :setup_user_auth, :only => [:history, :show] before_action :authorize, :only => [:redact] diff --git a/app/controllers/api/permissions_controller.rb b/app/controllers/api/permissions_controller.rb index 8c0c949dc..717bbfa6f 100644 --- a/app/controllers/api/permissions_controller.rb +++ b/app/controllers/api/permissions_controller.rb @@ -1,7 +1,5 @@ module Api class PermissionsController < ApiController - before_action :check_api_readable - authorize_resource :class => false before_action :setup_user_auth diff --git a/app/controllers/api/relations_controller.rb b/app/controllers/api/relations_controller.rb index 6cd3f4137..5fb99dbd1 100644 --- a/app/controllers/api/relations_controller.rb +++ b/app/controllers/api/relations_controller.rb @@ -1,6 +1,5 @@ module Api class RelationsController < ApiController - before_action :check_api_readable before_action :check_api_writable, :only => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete] diff --git a/app/controllers/api/tracepoints_controller.rb b/app/controllers/api/tracepoints_controller.rb index f38351de9..d8d9da98b 100644 --- a/app/controllers/api/tracepoints_controller.rb +++ b/app/controllers/api/tracepoints_controller.rb @@ -1,7 +1,5 @@ module Api class TracepointsController < ApiController - before_action :check_api_readable - authorize_resource around_action :api_call_handle_error, :api_call_timeout diff --git a/app/controllers/api/traces_controller.rb b/app/controllers/api/traces_controller.rb index a510655ca..738642fff 100644 --- a/app/controllers/api/traces_controller.rb +++ b/app/controllers/api/traces_controller.rb @@ -1,6 +1,5 @@ module Api class TracesController < ApiController - before_action :check_api_readable before_action :check_api_writable, :only => [:create, :update, :destroy] before_action :set_locale before_action :authorize diff --git a/app/controllers/api/user_blocks_controller.rb b/app/controllers/api/user_blocks_controller.rb index 19fd4b400..6c285e14a 100644 --- a/app/controllers/api/user_blocks_controller.rb +++ b/app/controllers/api/user_blocks_controller.rb @@ -1,7 +1,5 @@ module Api class UserBlocksController < ApiController - before_action :check_api_readable - authorize_resource around_action :api_call_handle_error, :api_call_timeout diff --git a/app/controllers/api/user_preferences_controller.rb b/app/controllers/api/user_preferences_controller.rb index db779a35e..cb852ce88 100644 --- a/app/controllers/api/user_preferences_controller.rb +++ b/app/controllers/api/user_preferences_controller.rb @@ -1,7 +1,6 @@ # Update and read user preferences, which are arbitrary key/val pairs module Api class UserPreferencesController < ApiController - before_action :check_api_readable before_action :check_api_writable, :only => [:update_all, :update, :destroy] before_action :authorize diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb index 6fa47095a..5ff275ee9 100644 --- a/app/controllers/api/users_controller.rb +++ b/app/controllers/api/users_controller.rb @@ -1,6 +1,5 @@ module Api class UsersController < ApiController - before_action :check_api_readable before_action :disable_terms_redirect, :only => [:details] before_action :setup_user_auth, :only => [:show, :index] before_action :authorize, :only => [:details, :gpx_files] diff --git a/app/controllers/api/versions_controller.rb b/app/controllers/api/versions_controller.rb index d5c9c5f87..d311a18d2 100644 --- a/app/controllers/api/versions_controller.rb +++ b/app/controllers/api/versions_controller.rb @@ -1,5 +1,6 @@ module Api class VersionsController < ApiController + skip_before_action :check_api_readable authorize_resource :class => false before_action :set_request_formats diff --git a/app/controllers/api/ways_controller.rb b/app/controllers/api/ways_controller.rb index 7878c8701..4099e1676 100644 --- a/app/controllers/api/ways_controller.rb +++ b/app/controllers/api/ways_controller.rb @@ -1,6 +1,5 @@ module Api class WaysController < ApiController - before_action :check_api_readable before_action :check_api_writable, :only => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete] diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index edafac7cc..ff7f694c5 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -1,6 +1,8 @@ class ApiController < ApplicationController skip_before_action :verify_authenticity_token + before_action :check_api_readable + private ##