Refactor api controllers to inherit from a common ApiController

app/controllers/api/amf_controller.rb

@@ -36,10 +36,9 @@
 # * version conflict when POIs and ways are reverted
 
 module Api
-  class AmfController < ApplicationController
+  class AmfController < ApiController
     include Potlatch
 
-    skip_before_action :verify_authenticity_token
     before_action :check_api_writable
 
     # AMF Controller implements its own authentication and authorization checks

app/controllers/api/capabilities_controller.rb

@@ -1,6 +1,5 @@
 module Api
-  class CapabilitiesController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class CapabilitiesController < ApiController
     before_action :api_deny_access_handler
 
     authorize_resource :class => false

app/controllers/api/changes_controller.rb

@@ -1,6 +1,5 @@
 module Api
-  class ChangesController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class ChangesController < ApiController
     before_action :api_deny_access_handler
 
     authorize_resource :class => false

app/controllers/api/changeset_comments_controller.rb

@@ -1,6 +1,5 @@
 module Api
-  class ChangesetCommentsController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class ChangesetCommentsController < ApiController
     before_action :authorize
     before_action :api_deny_access_handler
 

app/controllers/api/changesets_controller.rb

@@ -1,11 +1,10 @@
 # The ChangesetController is the RESTful interface to Changeset objects
 
 module Api
-  class ChangesetsController < ApplicationController
+  class ChangesetsController < ApiController
     layout "site"
     require "xml/libxml"
 
-    skip_before_action :verify_authenticity_token
     before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
     before_action :api_deny_access_handler, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox]
 

app/controllers/api/map_controller.rb

@@ -1,6 +1,5 @@
 module Api
-  class MapController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class MapController < ApiController
     before_action :api_deny_access_handler
 
     authorize_resource :class => false

app/controllers/api/nodes_controller.rb

@@ -1,10 +1,9 @@
 # The NodeController is the RESTful interface to Node objects
 
 module Api
-  class NodesController < ApplicationController
+  class NodesController < ApiController
     require "xml/libxml"
 
-    skip_before_action :verify_authenticity_token
     before_action :authorize, :only => [:create, :update, :delete]
     before_action :api_deny_access_handler
 

app/controllers/api/notes_controller.rb

@@ -1,8 +1,7 @@
 module Api
-  class NotesController < ApplicationController
+  class NotesController < ApiController
     layout "site", :only => [:mine]
 
-    skip_before_action :verify_authenticity_token
     before_action :check_api_readable
     before_action :setup_user_auth, :only => [:create, :comment, :show]
     before_action :authorize, :only => [:close, :reopen, :destroy]

app/controllers/api/old_controller.rb

@@ -2,10 +2,9 @@
 # into one place. as it turns out, the API methods for historical
 # nodes, ways and relations are basically identical.
 module Api
-  class OldController < ApplicationController
+  class OldController < ApiController
     require "xml/libxml"
 
-    skip_before_action :verify_authenticity_token
     before_action :setup_user_auth, :only => [:history, :version]
     before_action :api_deny_access_handler
     before_action :authorize, :only => [:redact]

app/controllers/api/permissions_controller.rb

@@ -1,6 +1,5 @@
 module Api
-  class PermissionsController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class PermissionsController < ApiController
     before_action :api_deny_access_handler
 
     authorize_resource :class => false

app/controllers/api/relations_controller.rb

@@ -1,8 +1,7 @@
 module Api
-  class RelationsController < ApplicationController
+  class RelationsController < ApiController
     require "xml/libxml"
 
-    skip_before_action :verify_authenticity_token
     before_action :authorize, :only => [:create, :update, :delete]
     before_action :api_deny_access_handler
 

app/controllers/api/search_controller.rb

@@ -1,9 +1,8 @@
 module Api
-  class SearchController < ApplicationController
+  class SearchController < ApiController
     # Support searching for nodes, ways, or all
     # Can search by tag k, v, or both (type->k,value->v)
     # Can search by name (k=name,v=....)
-    skip_before_action :verify_authenticity_token
     authorize_resource :class => false
 
     def search_all

app/controllers/api/swf_controller.rb

@@ -1,6 +1,5 @@
 module Api
-  class SwfController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class SwfController < ApiController
     before_action :check_api_readable
     authorize_resource :class => false
 

app/controllers/api/tracepoints_controller.rb

@@ -1,6 +1,5 @@
 module Api
-  class TracepointsController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class TracepointsController < ApiController
     before_action :api_deny_access_handler
 
     authorize_resource

app/controllers/api/traces_controller.rb

@@ -1,8 +1,7 @@
 module Api
-  class TracesController < ApplicationController
+  class TracesController < ApiController
     layout "site", :except => :georss
 
-    skip_before_action :verify_authenticity_token
     before_action :authorize_web
     before_action :set_locale
     before_action :authorize

app/controllers/api/user_preferences_controller.rb

@@ -1,7 +1,6 @@
 # Update and read user preferences, which are arbitrayr key/val pairs
 module Api
-  class UserPreferencesController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class UserPreferencesController < ApiController
     before_action :authorize
 
     authorize_resource

app/controllers/api/users_controller.rb

@@ -1,8 +1,7 @@
 module Api
-  class UsersController < ApplicationController
+  class UsersController < ApiController
     layout "site", :except => [:api_details]
 
-    skip_before_action :verify_authenticity_token
     before_action :disable_terms_redirect, :only => [:api_details]
     before_action :authorize, :only => [:api_details, :api_gpx_files]
     before_action :api_deny_access_handler

app/controllers/api/ways_controller.rb

@@ -1,8 +1,7 @@
 module Api
-  class WaysController < ApplicationController
+  class WaysController < ApiController
     require "xml/libxml"
 
-    skip_before_action :verify_authenticity_token
     before_action :authorize, :only => [:create, :update, :delete]
     before_action :api_deny_access_handler
 

app/controllers/api_controller.rb

@@ -0,0 +1,3 @@
+class ApiController < ApplicationController
+  skip_before_action :verify_authenticity_token
+end