cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move api error handling and timeouts to parent class

Browse source 
Fixes #4861

Since the around_action is defined before authorize_resource is called,
the handler needs to pass on the CanCan::AccessDenied exception.

I've added the timeouts where I think they were missing (e.g. UserPreferencesController)
but I've kept the exception for changeset#upload and traces#create
This commit is contained in:
Andy Allan 2024-10-02 16:37:32 +01:00
parent e8da505518
commit 83425edd8d
18 changed files with 6 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

1
app/controllers/api/capabilities_controller.rb
View file

@ -5,7 +5,6 @@ module Api
authorize_resource :class => false authorize_resource :class => false
before_action :set_request_formats before_action :set_request_formats
around_action :api_call_handle_error, :api_call_timeout
# External apps that use the api are able to query the api to find out some # External apps that use the api are able to query the api to find out some
# parameters of the API. It currently returns: # parameters of the API. It currently returns:

3
app/controllers/api/changeset_comments_controller.rb
View file

@ -6,9 +6,8 @@ module Api
authorize_resource authorize_resource
before_action :require_public_data, :only => [:create] before_action :require_public_data, :only => [:create]
before_action :set_request_formats before_action :set_request_formats
around_action :api_call_handle_error
around_action :api_call_timeout
## ##
# Add a comment to a changeset # Add a comment to a changeset

3
app/controllers/api/changesets_controller.rb
View file

@ -11,8 +11,7 @@ module Api
before_action :require_public_data, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] before_action :require_public_data, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
before_action :set_request_formats, :except => [:create, :close, :upload] before_action :set_request_formats, :except => [:create, :close, :upload]
around_action :api_call_handle_error skip_around_action :api_call_timeout, :only => [:upload]
around_action :api_call_timeout, :except => [:upload]
# Helper methods for checking consistency # Helper methods for checking consistency
include ConsistencyValidations include ConsistencyValidations

2
app/controllers/api/map_controller.rb
View file

@ -2,8 +2,6 @@ module Api
class MapController < ApiController class MapController < ApiController
authorize_resource :class => false authorize_resource :class => false
around_action :api_call_handle_error, :api_call_timeout
before_action :set_request_formats before_action :set_request_formats
# This is probably the most common call of all. It is used for getting the # This is probably the most common call of all. It is used for getting the

2
app/controllers/api/messages_controller.rb
View file

@ -9,8 +9,6 @@ module Api
authorize_resource authorize_resource
around_action :api_call_handle_error, :api_call_timeout
before_action :set_request_formats before_action :set_request_formats
def inbox def inbox

2
app/controllers/api/nodes_controller.rb
View file

@ -8,8 +8,6 @@ module Api
authorize_resource authorize_resource
before_action :require_public_data, :only => [:create, :update, :delete] before_action :require_public_data, :only => [:create, :update, :delete]
around_action :api_call_handle_error, :api_call_timeout
before_action :set_request_formats, :except => [:create, :update, :delete] before_action :set_request_formats, :except => [:create, :update, :delete]
before_action :check_rate_limit, :only => [:create, :update, :delete] before_action :check_rate_limit, :only => [:create, :update, :delete]

1
app/controllers/api/notes_controller.rb
View file

@ -7,7 +7,6 @@ module Api
authorize_resource authorize_resource
before_action :set_locale before_action :set_locale
around_action :api_call_handle_error, :api_call_timeout
before_action :set_request_formats, :except => [:feed] before_action :set_request_formats, :except => [:feed]
## ##

1
app/controllers/api/old_elements_controller.rb
View file

@ -9,7 +9,6 @@ module Api
authorize_resource authorize_resource
around_action :api_call_handle_error, :api_call_timeout
before_action :lookup_old_element, :except => [:history] before_action :lookup_old_element, :except => [:history]
before_action :lookup_old_element_versions, :only => [:history] before_action :lookup_old_element_versions, :only => [:history]

1
app/controllers/api/permissions_controller.rb
View file

@ -4,7 +4,6 @@ module Api
before_action :setup_user_auth before_action :setup_user_auth
before_action :set_request_formats before_action :set_request_formats
around_action :api_call_handle_error, :api_call_timeout
# External apps that use the api are able to query which permissions # External apps that use the api are able to query which permissions
# they have. This currently returns a list of permissions granted to the current user: # they have. This currently returns a list of permissions granted to the current user:

2
app/controllers/api/relations_controller.rb
View file

@ -6,8 +6,6 @@ module Api
authorize_resource authorize_resource
before_action :require_public_data, :only => [:create, :update, :delete] before_action :require_public_data, :only => [:create, :update, :delete]
around_action :api_call_handle_error, :api_call_timeout
before_action :set_request_formats, :except => [:create, :update, :delete] before_action :set_request_formats, :except => [:create, :update, :delete]
before_action :check_rate_limit, :only => [:create, :update, :delete] before_action :check_rate_limit, :only => [:create, :update, :delete]

2
app/controllers/api/tracepoints_controller.rb
View file

@ -2,8 +2,6 @@ module Api
class TracepointsController < ApiController class TracepointsController < ApiController
authorize_resource authorize_resource
around_action :api_call_handle_error, :api_call_timeout
# Get an XML response containing a list of tracepoints that have been uploaded # Get an XML response containing a list of tracepoints that have been uploaded
# within the specified bounding box, and in the specified page. # within the specified bounding box, and in the specified page.
def index def index

2
app/controllers/api/traces_controller.rb
View file

@ -7,7 +7,7 @@ module Api
authorize_resource authorize_resource
before_action :offline_error, :only => [:create, :destroy, :data] before_action :offline_error, :only => [:create, :destroy, :data]
around_action :api_call_handle_error skip_around_action :api_call_timeout, :only => :create
def show def show
@trace = Trace.visible.find(params[:id]) @trace = Trace.visible.find(params[:id])

1
app/controllers/api/user_blocks_controller.rb
View file

@ -2,7 +2,6 @@ module Api
class UserBlocksController < ApiController class UserBlocksController < ApiController
authorize_resource authorize_resource
around_action :api_call_handle_error, :api_call_timeout
before_action :set_request_formats before_action :set_request_formats
def show def show

2
app/controllers/api/user_preferences_controller.rb
View file

@ -6,8 +6,6 @@ module Api
authorize_resource authorize_resource
around_action :api_call_handle_error
before_action :set_request_formats before_action :set_request_formats
## ##

1
app/controllers/api/users_controller.rb
View file

@ -6,7 +6,6 @@ module Api
authorize_resource authorize_resource
around_action :api_call_handle_error
load_resource :only => :show load_resource :only => :show
before_action :set_request_formats, :except => [:gpx_files] before_action :set_request_formats, :except => [:gpx_files]

1
app/controllers/api/versions_controller.rb
View file

@ -4,7 +4,6 @@ module Api
authorize_resource :class => false authorize_resource :class => false
before_action :set_request_formats before_action :set_request_formats
around_action :api_call_handle_error, :api_call_timeout
# Show the list of available API versions. This will replace the global # Show the list of available API versions. This will replace the global
# unversioned capabilities call in due course. # unversioned capabilities call in due course.

2
app/controllers/api/ways_controller.rb
View file

@ -6,8 +6,6 @@ module Api
authorize_resource authorize_resource
before_action :require_public_data, :only => [:create, :update, :delete] before_action :require_public_data, :only => [:create, :update, :delete]
around_action :api_call_handle_error, :api_call_timeout
before_action :set_request_formats, :except => [:create, :update, :delete] before_action :set_request_formats, :except => [:create, :update, :delete]
before_action :check_rate_limit, :only => [:create, :update, :delete] before_action :check_rate_limit, :only => [:create, :update, :delete]

4
app/controllers/api_controller.rb
View file

@ -3,6 +3,8 @@ class ApiController < ApplicationController
before_action :check_api_readable before_action :check_api_readable
around_action :api_call_handle_error, :api_call_timeout
private private
## ##
@ -132,7 +134,7 @@ class ApiController < ApplicationController
report_error message, :bad_request report_error message, :bad_request
rescue OSM::APIError => e rescue OSM::APIError => e
report_error e.message, e.status report_error e.message, e.status
rescue AbstractController::ActionNotFound => e rescue AbstractController::ActionNotFound, CanCan::AccessDenied => e
raise raise
rescue StandardError => e rescue StandardError => e
logger.info("API threw unexpected #{e.class} exception: #{e.message}") logger.info("API threw unexpected #{e.class} exception: #{e.message}")