Fix various auth bugs with the changeset listing stuff, catch exception (but not yet handled well) for when edits not public.

2009-03-23 18:23:37 +00:00 · 2009-03-23 18:23:37 +00:00 · 677f391ec1
commit 677f391ec1
parent d3c6087409
1 changed files with 8 additions and 3 deletions
--- a/app/controllers/changeset_controller.rb
+++ b/app/controllers/changeset_controller.rb
@ -4,8 +4,8 @@ class ChangesetController < ApplicationController
  layout 'site'
  require 'xml/libxml'

-  session :off, :except => [:list]
-  before_filter :authorize_web, :only => [:list]
+  session :off, :except => [:list, :list_user, :list_bbox]
+  before_filter :authorize_web, :only => [:list, :list_user, :list_bbox]
  before_filter :authorize, :only => [:create, :update, :delete, :upload, :include, :close]
  before_filter :check_write_availability, :only => [:create, :update, :delete, :upload, :include]
  before_filter :check_read_availability, :except => [:create, :update, :delete, :upload, :download, :query]
@ -323,7 +323,12 @@ class ChangesetController < ApplicationController
    #find user by display name	  
    user = User.find(:first, :conditions => [ "visible = ? and display_name = ?", true, params[:display_name]])
    
+    conditions = nil
+    begin
      conditions = conditions_user(user.id);
+    rescue OSM::APINotFoundError
+      
+    end
    conditions = cond_merge conditions, conditions_nonempty
    @edit_pages, @edits = paginate(:changesets,
                                   :include => [:user, :changeset_tags],