From: Tom Hughes <tom@compton.nu>
Date: Wed, 29 May 2024 18:18:23 +0000 (+0100)
Subject: Merge remote-tracking branch 'upstream/pull/4860'
X-Git-Tag: live~805
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/d86d2067ee4550bf3de671ebff1c1266d24aa076?hp=9adae1c52331330fd215a6451e546d16d4377a35

Merge remote-tracking branch 'upstream/pull/4860'
---

diff --git a/app/controllers/api/capabilities_controller.rb b/app/controllers/api/capabilities_controller.rb
index 80222c40b..cbdcace0c 100644
--- a/app/controllers/api/capabilities_controller.rb
+++ b/app/controllers/api/capabilities_controller.rb
@@ -1,5 +1,7 @@
 module Api
   class CapabilitiesController < ApiController
+    skip_before_action :check_api_readable
+
     authorize_resource :class => false
 
     before_action :set_request_formats
diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb
index e8d3f4c3a..4a96ec3bb 100644
--- a/app/controllers/api/changeset_comments_controller.rb
+++ b/app/controllers/api/changeset_comments_controller.rb
@@ -1,7 +1,6 @@
 module Api
   class ChangesetCommentsController < ApiController
     before_action :check_api_writable
-    before_action :check_api_readable, :except => [:create]
     before_action :authorize
 
     authorize_resource
diff --git a/app/controllers/api/changesets_controller.rb b/app/controllers/api/changesets_controller.rb
index 2e21f0c75..3d59eeb17 100644
--- a/app/controllers/api/changesets_controller.rb
+++ b/app/controllers/api/changesets_controller.rb
@@ -3,7 +3,6 @@
 module Api
   class ChangesetsController < ApiController
     before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe]
-    before_action :check_api_readable, :except => [:index, :create, :update, :upload, :download, :subscribe, :unsubscribe]
     before_action :setup_user_auth, :only => [:show]
     before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
 
diff --git a/app/controllers/api/map_controller.rb b/app/controllers/api/map_controller.rb
index 5a05f6de2..6d4a9feb6 100644
--- a/app/controllers/api/map_controller.rb
+++ b/app/controllers/api/map_controller.rb
@@ -1,7 +1,5 @@
 module Api
   class MapController < ApiController
-    before_action :check_api_readable
-
     authorize_resource :class => false
 
     around_action :api_call_handle_error, :api_call_timeout
diff --git a/app/controllers/api/nodes_controller.rb b/app/controllers/api/nodes_controller.rb
index dc7d04dc5..5aad78dbf 100644
--- a/app/controllers/api/nodes_controller.rb
+++ b/app/controllers/api/nodes_controller.rb
@@ -3,7 +3,6 @@
 module Api
   class NodesController < ApiController
     before_action :check_api_writable, :only => [:create, :update, :delete]
-    before_action :check_api_readable, :except => [:create, :update, :delete]
     before_action :authorize, :only => [:create, :update, :delete]
 
     authorize_resource
diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb
index 8a0a82c40..d53059a94 100644
--- a/app/controllers/api/notes_controller.rb
+++ b/app/controllers/api/notes_controller.rb
@@ -1,6 +1,5 @@
 module Api
   class NotesController < ApiController
-    before_action :check_api_readable
     before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
     before_action :setup_user_auth, :only => [:create, :show]
     before_action :authorize, :only => [:close, :reopen, :destroy, :comment]
diff --git a/app/controllers/api/old_elements_controller.rb b/app/controllers/api/old_elements_controller.rb
index 6a468a900..2343252db 100644
--- a/app/controllers/api/old_elements_controller.rb
+++ b/app/controllers/api/old_elements_controller.rb
@@ -3,7 +3,6 @@
 # nodes, ways and relations are basically identical.
 module Api
   class OldElementsController < ApiController
-    before_action :check_api_readable
     before_action :check_api_writable, :only => [:redact]
     before_action :setup_user_auth, :only => [:history, :show]
     before_action :authorize, :only => [:redact]
diff --git a/app/controllers/api/permissions_controller.rb b/app/controllers/api/permissions_controller.rb
index 8c0c949dc..717bbfa6f 100644
--- a/app/controllers/api/permissions_controller.rb
+++ b/app/controllers/api/permissions_controller.rb
@@ -1,7 +1,5 @@
 module Api
   class PermissionsController < ApiController
-    before_action :check_api_readable
-
     authorize_resource :class => false
 
     before_action :setup_user_auth
diff --git a/app/controllers/api/relations_controller.rb b/app/controllers/api/relations_controller.rb
index e82ac6368..5fb99dbd1 100644
--- a/app/controllers/api/relations_controller.rb
+++ b/app/controllers/api/relations_controller.rb
@@ -1,7 +1,6 @@
 module Api
   class RelationsController < ApiController
     before_action :check_api_writable, :only => [:create, :update, :delete]
-    before_action :check_api_readable, :except => [:create, :update, :delete]
     before_action :authorize, :only => [:create, :update, :delete]
 
     authorize_resource
diff --git a/app/controllers/api/tracepoints_controller.rb b/app/controllers/api/tracepoints_controller.rb
index f38351de9..d8d9da98b 100644
--- a/app/controllers/api/tracepoints_controller.rb
+++ b/app/controllers/api/tracepoints_controller.rb
@@ -1,7 +1,5 @@
 module Api
   class TracepointsController < ApiController
-    before_action :check_api_readable
-
     authorize_resource
 
     around_action :api_call_handle_error, :api_call_timeout
diff --git a/app/controllers/api/traces_controller.rb b/app/controllers/api/traces_controller.rb
index 956bcde6e..738642fff 100644
--- a/app/controllers/api/traces_controller.rb
+++ b/app/controllers/api/traces_controller.rb
@@ -1,14 +1,11 @@
 module Api
   class TracesController < ApiController
-    before_action :check_database_readable, :except => [:show, :data]
-    before_action :check_database_writable, :only => [:create, :update, :destroy]
+    before_action :check_api_writable, :only => [:create, :update, :destroy]
     before_action :set_locale
     before_action :authorize
 
     authorize_resource
 
-    before_action :check_api_readable, :only => [:show, :data]
-    before_action :check_api_writable, :only => [:create, :update, :destroy]
     before_action :offline_error, :only => [:create, :destroy, :data]
     around_action :api_call_handle_error
 
diff --git a/app/controllers/api/user_blocks_controller.rb b/app/controllers/api/user_blocks_controller.rb
index 19fd4b400..6c285e14a 100644
--- a/app/controllers/api/user_blocks_controller.rb
+++ b/app/controllers/api/user_blocks_controller.rb
@@ -1,7 +1,5 @@
 module Api
   class UserBlocksController < ApiController
-    before_action :check_api_readable
-
     authorize_resource
 
     around_action :api_call_handle_error, :api_call_timeout
diff --git a/app/controllers/api/user_preferences_controller.rb b/app/controllers/api/user_preferences_controller.rb
index 99d224c51..cb852ce88 100644
--- a/app/controllers/api/user_preferences_controller.rb
+++ b/app/controllers/api/user_preferences_controller.rb
@@ -1,6 +1,7 @@
 # Update and read user preferences, which are arbitrary key/val pairs
 module Api
   class UserPreferencesController < ApiController
+    before_action :check_api_writable, :only => [:update_all, :update, :destroy]
     before_action :authorize
 
     authorize_resource
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index 6fa47095a..5ff275ee9 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,6 +1,5 @@
 module Api
   class UsersController < ApiController
-    before_action :check_api_readable
     before_action :disable_terms_redirect, :only => [:details]
     before_action :setup_user_auth, :only => [:show, :index]
     before_action :authorize, :only => [:details, :gpx_files]
diff --git a/app/controllers/api/versions_controller.rb b/app/controllers/api/versions_controller.rb
index d5c9c5f87..d311a18d2 100644
--- a/app/controllers/api/versions_controller.rb
+++ b/app/controllers/api/versions_controller.rb
@@ -1,5 +1,6 @@
 module Api
   class VersionsController < ApiController
+    skip_before_action :check_api_readable
     authorize_resource :class => false
 
     before_action :set_request_formats
diff --git a/app/controllers/api/ways_controller.rb b/app/controllers/api/ways_controller.rb
index f8254d802..4099e1676 100644
--- a/app/controllers/api/ways_controller.rb
+++ b/app/controllers/api/ways_controller.rb
@@ -1,7 +1,6 @@
 module Api
   class WaysController < ApiController
     before_action :check_api_writable, :only => [:create, :update, :delete]
-    before_action :check_api_readable, :except => [:create, :update, :delete]
     before_action :authorize, :only => [:create, :update, :delete]
 
     authorize_resource
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index edafac7cc..ff7f694c5 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -1,6 +1,8 @@
 class ApiController < ApplicationController
   skip_before_action :verify_authenticity_token
 
+  before_action :check_api_readable
+
   private
 
   ##
diff --git a/app/views/application/_auth_providers.html.erb b/app/views/application/_auth_providers.html.erb
index 554ec8dda..0cbb529a5 100644
--- a/app/views/application/_auth_providers.html.erb
+++ b/app/views/application/_auth_providers.html.erb
@@ -1,29 +1,42 @@
 <div>
-  <div class="list-inline justify-content-center d-flex align-items-center flex-wrap mb-3 gap-3" id="login_auth_buttons">
+  <div class="list-inline justify-content-center d-flex align-items-center flex-wrap w-100 mb-3" id="login_auth_buttons">
 
+    <% prefered_auth_button_available = false %>
     <% %w[google facebook microsoft github wikipedia].each do |provider| %>
       <% if Settings.key?("#{provider}_auth_id".to_sym) -%>
         <% if @preferred_auth_provider == provider %>
-          <div class="mx-2"><%= auth_button_preferred provider, provider %></div>
+          <% prefered_auth_button_available = true %>
         <% end %>
       <% end -%>
     <% end -%>
 
-    <div class="justify-content-center d-flex gap-1">
-      <div>
-        <%= link_to image_tag("openid.png",
-                              :alt => t("application.auth_providers.openid.title"),
-                              :size => "24"),
-                    "#",
-                    :id => "openid_open_url",
-                    :title => t("application.auth_providers.openid.title"),
-                    :class => "p-2 d-block" %>
+    <% if prefered_auth_button_available %>
+      <div class="list-inline justify-content-center d-flex align-items-center flex-wrap w-50">
+        <% %w[google facebook microsoft github wikipedia].each do |provider| %>
+          <% if Settings.key?("#{provider}_auth_id".to_sym) -%>
+            <% if @preferred_auth_provider == provider %>
+              <%= auth_button_preferred provider, provider %>
+            <% end %>
+          <% end -%>
+        <% end -%>
       </div>
+      <div class="list-inline justify-content-center d-flex align-items-center flex-wrap w-50">
+    <% else %>
+      <div class="list-inline justify-content-center d-flex align-items-center flex-wrap w-100">
+    <% end %>
+
+      <%= link_to image_tag("openid.png",
+                            :alt => t("application.auth_providers.openid.title"),
+                            :size => "24"),
+                  "#",
+                  :id => "openid_open_url",
+                  :title => t("application.auth_providers.openid.title"),
+                  :class => "p-2 d-block" %>
 
       <% %w[google facebook microsoft github wikipedia].each do |provider| %>
         <% unless @preferred_auth_provider == provider %>
           <% if Settings.key?("#{provider}_auth_id".to_sym) -%>
-            <div><%= auth_button provider, provider %></div>
+            <%= auth_button provider, provider %>
           <% end -%>
         <% end %>
       <% end -%>
diff --git a/test/controllers/api/capabilities_controller_test.rb b/test/controllers/api/capabilities_controller_test.rb
index 46ebb6a37..7d2feed29 100644
--- a/test/controllers/api/capabilities_controller_test.rb
+++ b/test/controllers/api/capabilities_controller_test.rb
@@ -71,5 +71,75 @@ module Api
       assert_equal "online", js["api"]["status"]["gpx"]
       assert_equal Settings.imagery_blacklist.length, js["policy"]["imagery"]["blacklist"].length
     end
+
+    def test_capabilities_api_readonly
+      with_settings(:status => "api_readonly") do
+        get api_capabilities_path
+        assert_response :success
+        assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", :count => 1 do
+          assert_select "api", :count => 1 do
+            assert_select "status[database='online']", :count => 1
+            assert_select "status[api='readonly']", :count => 1
+            assert_select "status[gpx='online']", :count => 1
+          end
+        end
+      end
+    end
+
+    def test_capabilities_api_offline
+      with_settings(:status => "api_offline") do
+        get api_capabilities_path
+        assert_response :success
+        assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", :count => 1 do
+          assert_select "api", :count => 1 do
+            assert_select "status[database='online']", :count => 1
+            assert_select "status[api='offline']", :count => 1
+            assert_select "status[gpx='online']", :count => 1
+          end
+        end
+      end
+    end
+
+    def test_capabilities_database_readonly
+      with_settings(:status => "database_readonly") do
+        get api_capabilities_path
+        assert_response :success
+        assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", :count => 1 do
+          assert_select "api", :count => 1 do
+            assert_select "status[database='readonly']", :count => 1
+            assert_select "status[api='readonly']", :count => 1
+            assert_select "status[gpx='readonly']", :count => 1
+          end
+        end
+      end
+    end
+
+    def test_capabilities_database_offline
+      with_settings(:status => "database_offline") do
+        get api_capabilities_path
+        assert_response :success
+        assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", :count => 1 do
+          assert_select "api", :count => 1 do
+            assert_select "status[database='offline']", :count => 1
+            assert_select "status[api='offline']", :count => 1
+            assert_select "status[gpx='offline']", :count => 1
+          end
+        end
+      end
+    end
+
+    def test_capabilities_gpx_offline
+      with_settings(:status => "gpx_offline") do
+        get api_capabilities_path
+        assert_response :success
+        assert_select "osm[version='#{Settings.api_version}'][generator='#{Settings.generator}']", :count => 1 do
+          assert_select "api", :count => 1 do
+            assert_select "status[database='online']", :count => 1
+            assert_select "status[api='online']", :count => 1
+            assert_select "status[gpx='offline']", :count => 1
+          end
+        end
+      end
+    end
   end
 end
diff --git a/test/controllers/api/versions_controller_test.rb b/test/controllers/api/versions_controller_test.rb
index 1c70831c9..d2b353a8e 100644
--- a/test/controllers/api/versions_controller_test.rb
+++ b/test/controllers/api/versions_controller_test.rb
@@ -46,5 +46,17 @@ module Api
       assert_response :success
       assert_select "osm[version]", :count => 0
     end
+
+    def test_versions_available_while_offline
+      with_settings(:status => "api_offline") do
+        get api_versions_path
+        assert_response :success
+        assert_select "osm[generator='#{Settings.generator}']", :count => 1 do
+          assert_select "api", :count => 1 do
+            assert_select "version", Settings.api_version
+          end
+        end
+      end
+    end
   end
 end
diff --git a/yarn.lock b/yarn.lock
index 230c1c716..dec04559d 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -576,9 +576,9 @@ optionator@^0.9.3:
     type-check "^0.4.0"
 
 osm-community-index@^5.2.0:
-  version "5.7.0"
-  resolved "https://registry.yarnpkg.com/osm-community-index/-/osm-community-index-5.7.0.tgz#1c1a785fd13a2e00535da8db132c4e49780f0b28"
-  integrity sha512-r5h58L9mGh2Wu4XcJoGKLdw3oBY41jWAMUVBNE9tBS9sZINwSZccrImhxuOS5DmpslTjZ6w1cn7x9sE8tnFGpQ==
+  version "5.7.1"
+  resolved "https://registry.yarnpkg.com/osm-community-index/-/osm-community-index-5.7.1.tgz#2341666c83d14c00ef3d9a90298c96d5e791b56c"
+  integrity sha512-E+Xib5m//WliNq2iqeUXyKqZk7yhZu/vSJbwwyxDAPzcNWxgIMoO0B7cUMeFNckhMQsKM2UuC2BAjWuVfbYf1Q==
   dependencies:
     diacritics "^1.3.0"