Move the capabilities call out of api_controller

app/abilities/ability.rb

@@ -4,9 +4,10 @@ class Ability
   include CanCan::Ability
 
   def initialize(user)
-    can [:trackpoints, :map, :changes, :capabilities, :permissions], :api
+    can [:trackpoints, :map, :changes, :permissions], :api
     can [:relation, :relation_history, :way, :way_history, :node, :node_history,
          :changeset, :note, :new_note, :query], :browse
+    can :show, :capability
     can [:index, :feed, :show, :download, :query], Changeset
     can :index, ChangesetComment
     can :search, :direction

app/controllers/api/capabilities_controller.rb

@@ -0,0 +1,21 @@
+module Api
+  class CapabilitiesController < ApplicationController
+    skip_before_action :verify_authenticity_token
+    before_action :api_deny_access_handler
+
+    authorize_resource :class => false
+
+    around_action :api_call_handle_error, :api_call_timeout
+
+    # External apps that use the api are able to query the api to find out some
+    # parameters of the API. It currently returns:
+    # * minimum and maximum API versions that can be used.
+    # * maximum area that can be requested in a bbox request in square degrees
+    # * number of tracepoints that are returned in each tracepoints page
+    def show
+      @database_status = database_status
+      @api_status = api_status
+      @gpx_status = gpx_status
+    end
+  end
+end

app/controllers/api_controller.rb

@@ -4,7 +4,7 @@ class ApiController < ApplicationController
 
   authorize_resource :class => false
 
-  before_action :check_api_readable, :except => [:capabilities]
+  before_action :check_api_readable
   before_action :setup_user_auth, :only => [:permissions]
   around_action :api_call_handle_error, :api_call_timeout
 
@@ -251,17 +251,6 @@ class ApiController < ApplicationController
     end
   end
 
-  # External apps that use the api are able to query the api to find out some
-  # parameters of the API. It currently returns:
-  # * minimum and maximum API versions that can be used.
-  # * maximum area that can be requested in a bbox request in square degrees
-  # * number of tracepoints that are returned in each tracepoints page
-  def capabilities
-    @database_status = database_status
-    @api_status = api_status
-    @gpx_status = gpx_status
-  end
-
   # External apps that use the api are able to query which permissions
   # they have. This currently returns a list of permissions granted to the current user:
   # * if authenticated via OAuth, this list will contain all permissions granted by the user to the access_token.

config/routes.rb

@@ -1,9 +1,11 @@
 OpenStreetMap::Application.routes.draw do
   # API
-  get "api/capabilities" => "api#capabilities"
+  namespace :api do
+    get "capabilities" => "capabilities#show"
+  end
 
   scope "api/0.6" do
-    get "capabilities" => "api#capabilities"
+    get "capabilities" => "api/capabilities#show"
     get "permissions" => "api#permissions"
 
     put "changeset/create" => "changesets#create"

test/controllers/api/capabilities_test.rb

@@ -0,0 +1,35 @@
+require "test_helper"
+
+module Api
+  class CapabilitiesControllerTest < ActionController::TestCase
+    ##
+    # test all routes which lead to this controller
+    def test_routes
+      assert_routing(
+        { :path => "/api/capabilities", :method => :get },
+        { :controller => "api/capabilities", :action => "show" }
+      )
+      assert_recognizes(
+        { :controller => "api/capabilities", :action => "show" },
+        { :path => "/api/0.6/capabilities", :method => :get }
+      )
+    end
+
+    def test_capabilities
+      get :show
+      assert_response :success
+      assert_select "osm[version='#{API_VERSION}'][generator='#{GENERATOR}']", :count => 1 do
+        assert_select "api", :count => 1 do
+          assert_select "version[minimum='#{API_VERSION}'][maximum='#{API_VERSION}']", :count => 1
+          assert_select "area[maximum='#{MAX_REQUEST_AREA}']", :count => 1
+          assert_select "note_area[maximum='#{MAX_NOTE_REQUEST_AREA}']", :count => 1
+          assert_select "tracepoints[per_page='#{TRACEPOINTS_PER_PAGE}']", :count => 1
+          assert_select "changesets[maximum_elements='#{Changeset::MAX_ELEMENTS}']", :count => 1
+          assert_select "status[database='online']", :count => 1
+          assert_select "status[api='online']", :count => 1
+          assert_select "status[gpx='online']", :count => 1
+        end
+      end
+    end
+  end
+end

test/controllers/api_controller_test.rb

@@ -18,14 +18,6 @@ class ApiControllerTest < ActionController::TestCase
   ##
   # test all routes which lead to this controller
   def test_routes
-    assert_routing(
-      { :path => "/api/capabilities", :method => :get },
-      { :controller => "api", :action => "capabilities" }
-    )
-    assert_recognizes(
-      { :controller => "api", :action => "capabilities" },
-      { :path => "/api/0.6/capabilities", :method => :get }
-    )
     assert_routing(
       { :path => "/api/0.6/permissions", :method => :get },
       { :controller => "api", :action => "permissions" }
@@ -379,23 +371,6 @@ class ApiControllerTest < ActionController::TestCase
     assert_response :success
   end
 
-  def test_capabilities
-    get :capabilities
-    assert_response :success
-    assert_select "osm[version='#{API_VERSION}'][generator='#{GENERATOR}']", :count => 1 do
-      assert_select "api", :count => 1 do
-        assert_select "version[minimum='#{API_VERSION}'][maximum='#{API_VERSION}']", :count => 1
-        assert_select "area[maximum='#{MAX_REQUEST_AREA}']", :count => 1
-        assert_select "note_area[maximum='#{MAX_NOTE_REQUEST_AREA}']", :count => 1
-        assert_select "tracepoints[per_page='#{TRACEPOINTS_PER_PAGE}']", :count => 1
-        assert_select "changesets[maximum_elements='#{Changeset::MAX_ELEMENTS}']", :count => 1
-        assert_select "status[database='online']", :count => 1
-        assert_select "status[api='online']", :count => 1
-        assert_select "status[gpx='online']", :count => 1
-      end
-    end
-  end
-
   def test_permissions_anonymous
     get :permissions
     assert_response :success