Move more api-only methods into api_controller

Andy Allan 2019-03-20 14:51:57 +01:00
parent 8d207e7de0
commit 19c2f6d485
2 changed files with 47 additions and 47 deletions


@ -29,4 +29,51 @@ class ApiController < ApplicationController
render :plain => errormessage, :status => :unauthorized
end
end
def gpx_status
status = database_status
status = :offline if status == :online && Settings.status == "gpx_offline"
status
end
##
# sets up the current_user for use by other methods. this is mostly called
# from the authorize method, but can be called elsewhere if authorisation
# is optional.
def setup_user_auth
# try and setup using OAuth
unless Authenticator.new(self, [:token]).allow?
username, passwd = get_auth_data # parse from headers
# authenticate per-scheme
self.current_user = if username.nil?
nil # no authentication provided - perhaps first connect (client should retry after 401)
elsif username == "token"
User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
else
User.authenticate(:username => username, :password => passwd) # basic auth
end
end
# have we identified the user?
if current_user
# check if the user has been banned
user_block = current_user.blocks.active.take
unless user_block.nil?
set_locale
if user_block.zero_hour?
report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden
else
report_error t("application.setup_user_auth.blocked"), :forbidden
end
end
# if the user hasn't seen the contributor terms then don't
# allow editing - they have to go to the web site and see
# (but can decline) the CTs to continue.
if !current_user.terms_seen && flash[:skip_terms].nil?
set_locale
report_error t("application.setup_user_auth.need_to_see_terms"), :forbidden
end
end
end
end
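Review bot: In `setup_user_auth`, the active-block branch calls `report_error ... :forbidden` but does not return, so execution falls through to the contributor-terms check, where a blocked user with `terms_seen` false reaches a second `report_error`. `report_error` is defined outside this hunk; if it renders a response, as its `:forbidden` argument suggests, that path would raise a double-render error and turn the intended 403 into a 500. Adding a bare `return` after the inner `if user_block.zero_hour? ... end` would make the block response the only one sent. Because this method is now the API's authentication gate, it would also help to add a comment such as `# current_user stays set after a block/terms failure; the rendered 403 is what stops the request`, once that behaviour is confirmed against the callers.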


@ -73,47 +73,6 @@ class ApplicationController < ActionController::Base
end
end
##
# sets up the current_user for use by other methods. this is mostly called
# from the authorize method, but can be called elsewhere if authorisation
# is optional.
def setup_user_auth
# try and setup using OAuth
unless Authenticator.new(self, [:token]).allow?
username, passwd = get_auth_data # parse from headers
# authenticate per-scheme
self.current_user = if username.nil?
nil # no authentication provided - perhaps first connect (client should retry after 401)
elsif username == "token"
User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
else
User.authenticate(:username => username, :password => passwd) # basic auth
end
end
# have we identified the user?
if current_user
# check if the user has been banned
user_block = current_user.blocks.active.take
unless user_block.nil?
set_locale
if user_block.zero_hour?
report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden
else
report_error t("application.setup_user_auth.blocked"), :forbidden
end
end
# if the user hasn't seen the contributor terms then don't
# allow editing - they have to go to the web site and see
# (but can decline) the CTs to continue.
if !current_user.terms_seen && flash[:skip_terms].nil?
set_locale
report_error t("application.setup_user_auth.need_to_see_terms"), :forbidden
end
end
end
def check_database_readable(need_api = false)
if Settings.status == "database_offline" || (need_api && Settings.status == "api_offline")
if request.xhr?
@ -171,12 +130,6 @@ class ApplicationController < ActionController::Base
status
end
def gpx_status
status = database_status
status = :offline if status == :online && Settings.status == "gpx_offline"
status
end
def require_public_data
unless current_user.data_public?
report_error "You must make your edits public to upload new data", :forbidden