Refactor api controllers to inherit from a common ApiController

Andy Allan 2019-03-20 14:16:15 +01:00
parent 53cc1d2d11
commit 3bb07e29ec
19 changed files with 21 additions and 36 deletions


@ -36,10 +36,9 @@
# * version conflict when POIs and ways are reverted # * version conflict when POIs and ways are reverted
module Api module Api
class AmfController < ApplicationController class AmfController < ApiController
include Potlatch include Potlatch
skip_before_action :verify_authenticity_token
before_action :check_api_writable before_action :check_api_writable
# AMF Controller implements its own authentication and authorization checks # AMF Controller implements its own authentication and authorization checks


@ -1,6 +1,5 @@
module Api module Api
class CapabilitiesController < ApplicationController class CapabilitiesController < ApiController
skip_before_action :verify_authenticity_token
before_action :api_deny_access_handler before_action :api_deny_access_handler
authorize_resource :class => false authorize_resource :class => false


@ -1,6 +1,5 @@
module Api module Api
class ChangesController < ApplicationController class ChangesController < ApiController
skip_before_action :verify_authenticity_token
before_action :api_deny_access_handler before_action :api_deny_access_handler
authorize_resource :class => false authorize_resource :class => false


@ -1,6 +1,5 @@
module Api module Api
class ChangesetCommentsController < ApplicationController class ChangesetCommentsController < ApiController
skip_before_action :verify_authenticity_token
before_action :authorize before_action :authorize
before_action :api_deny_access_handler before_action :api_deny_access_handler


@ -1,11 +1,10 @@
# The ChangesetController is the RESTful interface to Changeset objects # The ChangesetController is the RESTful interface to Changeset objects
module Api module Api
class ChangesetsController < ApplicationController class ChangesetsController < ApiController
layout "site" layout "site"
require "xml/libxml" require "xml/libxml"
skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
before_action :api_deny_access_handler, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox] before_action :api_deny_access_handler, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox]


@ -1,6 +1,5 @@
module Api module Api
class MapController < ApplicationController class MapController < ApiController
skip_before_action :verify_authenticity_token
before_action :api_deny_access_handler before_action :api_deny_access_handler
authorize_resource :class => false authorize_resource :class => false


@ -1,10 +1,9 @@
# The NodeController is the RESTful interface to Node objects # The NodeController is the RESTful interface to Node objects
module Api module Api
class NodesController < ApplicationController class NodesController < ApiController
require "xml/libxml" require "xml/libxml"
skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete]
before_action :api_deny_access_handler before_action :api_deny_access_handler


@ -1,8 +1,7 @@
module Api module Api
class NotesController < ApplicationController class NotesController < ApiController
layout "site", :only => [:mine] layout "site", :only => [:mine]
skip_before_action :verify_authenticity_token
before_action :check_api_readable before_action :check_api_readable
before_action :setup_user_auth, :only => [:create, :comment, :show] before_action :setup_user_auth, :only => [:create, :comment, :show]
before_action :authorize, :only => [:close, :reopen, :destroy] before_action :authorize, :only => [:close, :reopen, :destroy]


@ -2,10 +2,9 @@
# into one place. as it turns out, the API methods for historical # into one place. as it turns out, the API methods for historical
# nodes, ways and relations are basically identical. # nodes, ways and relations are basically identical.
module Api module Api
class OldController < ApplicationController class OldController < ApiController
require "xml/libxml" require "xml/libxml"
skip_before_action :verify_authenticity_token
before_action :setup_user_auth, :only => [:history, :version] before_action :setup_user_auth, :only => [:history, :version]
before_action :api_deny_access_handler before_action :api_deny_access_handler
before_action :authorize, :only => [:redact] before_action :authorize, :only => [:redact]


@ -1,6 +1,5 @@
module Api module Api
class PermissionsController < ApplicationController class PermissionsController < ApiController
skip_before_action :verify_authenticity_token
before_action :api_deny_access_handler before_action :api_deny_access_handler
authorize_resource :class => false authorize_resource :class => false


@ -1,8 +1,7 @@
module Api module Api
class RelationsController < ApplicationController class RelationsController < ApiController
require "xml/libxml" require "xml/libxml"
skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete]
before_action :api_deny_access_handler before_action :api_deny_access_handler


@ -1,9 +1,8 @@
module Api module Api
class SearchController < ApplicationController class SearchController < ApiController
# Support searching for nodes, ways, or all # Support searching for nodes, ways, or all
# Can search by tag k, v, or both (type->k,value->v) # Can search by tag k, v, or both (type->k,value->v)
# Can search by name (k=name,v=....) # Can search by name (k=name,v=....)
skip_before_action :verify_authenticity_token
authorize_resource :class => false authorize_resource :class => false
def search_all def search_all


@ -1,6 +1,5 @@
module Api module Api
class SwfController < ApplicationController class SwfController < ApiController
skip_before_action :verify_authenticity_token
before_action :check_api_readable before_action :check_api_readable
authorize_resource :class => false authorize_resource :class => false


@ -1,6 +1,5 @@
module Api module Api
class TracepointsController < ApplicationController class TracepointsController < ApiController
skip_before_action :verify_authenticity_token
before_action :api_deny_access_handler before_action :api_deny_access_handler
authorize_resource authorize_resource


@ -1,8 +1,7 @@
module Api module Api
class TracesController < ApplicationController class TracesController < ApiController
layout "site", :except => :georss layout "site", :except => :georss
skip_before_action :verify_authenticity_token
before_action :authorize_web before_action :authorize_web
before_action :set_locale before_action :set_locale
before_action :authorize before_action :authorize
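Review bot: `before_action :authorize_web` stays in TracesController while the CSRF skip now arrives through inheritance, so this is the controller where session-based authentication and disabled forgery protection may meet. If `authorize_web` sets the current user from the browser session (its definition is not in this diff), it is worth confirming that `authorize` does not accept that session user for the write actions, or dropping `authorize_web` here. The same check applies to the other sections that keep `layout "site"` (ChangesetsController, NotesController, UsersController), which suggests they also serve browser-facing pages. The class body continues outside the hunk.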


@ -1,7 +1,6 @@
# Update and read user preferences, which are arbitrayr key/val pairs # Update and read user preferences, which are arbitrayr key/val pairs
module Api module Api
class UserPreferencesController < ApplicationController class UserPreferencesController < ApiController
skip_before_action :verify_authenticity_token
before_action :authorize before_action :authorize
authorize_resource authorize_resource


@ -1,8 +1,7 @@
module Api module Api
class UsersController < ApplicationController class UsersController < ApiController
layout "site", :except => [:api_details] layout "site", :except => [:api_details]
skip_before_action :verify_authenticity_token
before_action :disable_terms_redirect, :only => [:api_details] before_action :disable_terms_redirect, :only => [:api_details]
before_action :authorize, :only => [:api_details, :api_gpx_files] before_action :authorize, :only => [:api_details, :api_gpx_files]
before_action :api_deny_access_handler before_action :api_deny_access_handler


@ -1,8 +1,7 @@
module Api module Api
class WaysController < ApplicationController class WaysController < ApiController
require "xml/libxml" require "xml/libxml"
skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete]
before_action :api_deny_access_handler before_action :api_deny_access_handler


@ -0,0 +1,3 @@
class ApiController < ApplicationController
skip_before_action :verify_authenticity_token
end
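Review bot: The new base class carries no comment saying why it is safe to skip `verify_authenticity_token`, and from now on every controller that inherits from ApiController drops CSRF verification without a visible line in its own file. A short comment above the `skip_before_action` would make the precondition explicit, for example `# API requests are expected to authenticate per request rather than through the browser session cookie, so CSRF verification is skipped; do not inherit from this class for cookie-authenticated actions.` That precondition is an assumption on my part and should be confirmed against the authentication helpers, which are outside this diff. A request spec asserting that a state-changing API call carrying only a session cookie is rejected would keep the inherited default honest as controllers are added.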