Create user traces resource in api namespace

app/abilities/api_ability.rb

@@ -29,8 +29,6 @@ class ApiAbility
         can [:create, :update, :destroy], Trace if scope?(token, :write_gpx)
 
         can :details, User if scope?(token, :read_prefs)
-        can :gpx_files, User if scope?(token, :read_gpx)
-
         can :read, UserPreference if scope?(token, :read_prefs)
         can [:update, :update_all, :destroy], UserPreference if scope?(token, :write_prefs)
 

app/controllers/api/users/traces_controller.rb

@@ -0,0 +1,14 @@
+module Api
+  module Users
+    class TracesController < ApiController
+      before_action :authorize
+
+      authorize_resource :trace
+
+      def index
+        @traces = current_user.traces.reload
+        render :content_type => "application/xml"
+      end
+    end
+  end
+end

app/controllers/api/users_controller.rb

@@ -2,13 +2,13 @@ module Api
   class UsersController < ApiController
     before_action :disable_terms_redirect, :only => [:details]
     before_action :setup_user_auth, :only => [:show, :index]
-    before_action :authorize, :only => [:details, :gpx_files]
+    before_action :authorize, :only => [:details]
 
     authorize_resource
 
     load_resource :only => :show
 
-    before_action :set_request_formats, :except => [:gpx_files]
+    before_action :set_request_formats
 
     def index
       raise OSM::APIBadUserInput, "The parameter users is required, and must be of the form users=id[,id[,id...]]" unless params["users"]
@@ -47,11 +47,6 @@ module Api
       end
     end
 
-    def gpx_files
-      @traces = current_user.traces.reload
-      render :content_type => "application/xml"
-    end
-
     private
 
     def disable_terms_redirect

config/routes.rb

@@ -66,13 +66,12 @@ OpenStreetMap::Application.routes.draw do
     get "map" => "map#index"
 
     get "trackpoints" => "tracepoints#index"
-
-    get "user/gpx_files" => "users#gpx_files"
   end
 
   namespace :api, :path => "api/0.6" do
     resources :users, :only => :index
     resources :users, :path => "user", :id => /\d+/, :only => :show
+    resources :user_traces, :path => "user/gpx_files", :module => :users, :controller => :traces, :only => :index
     get "user/details" => "users#details"
 
     resources :user_preferences, :except => [:new, :create, :edit], :param => :preference_key, :path => "user/preferences" do

test/controllers/api/users/traces_controller_test.rb

@@ -0,0 +1,43 @@
+require "test_helper"
+
+module Api
+  module Users
+    class TracesControllerTest < ActionDispatch::IntegrationTest
+      ##
+      # test all routes which lead to this controller
+      def test_routes
+        assert_routing(
+          { :path => "/api/0.6/user/gpx_files", :method => :get },
+          { :controller => "api/users/traces", :action => "index" }
+        )
+      end
+
+      def test_index
+        user = create(:user)
+        trace1 = create(:trace, :user => user) do |trace|
+          create(:tracetag, :trace => trace, :tag => "London")
+        end
+        trace2 = create(:trace, :user => user) do |trace|
+          create(:tracetag, :trace => trace, :tag => "Birmingham")
+        end
+        # check that nothing is returned when not logged in
+        get api_user_traces_path
+        assert_response :unauthorized
+
+        # check that we get a response when logged in
+        auth_header = bearer_authorization_header user
+        get api_user_traces_path, :headers => auth_header
+        assert_response :success
+        assert_equal "application/xml", response.media_type
+
+        # check the data that is returned
+        assert_select "gpx_file[id='#{trace1.id}']", 1 do
+          assert_select "tag", "London"
+        end
+        assert_select "gpx_file[id='#{trace2.id}']", 1 do
+          assert_select "tag", "Birmingham"
+        end
+      end
+    end
+  end
+end

test/controllers/api/users_controller_test.rb

@@ -21,10 +21,6 @@ module Api
         { :path => "/api/0.6/user/details.json", :method => :get },
         { :controller => "api/users", :action => "details", :format => "json" }
       )
-      assert_routing(
-        { :path => "/api/0.6/user/gpx_files", :method => :get },
-        { :controller => "api/users", :action => "gpx_files" }
-      )
       assert_routing(
         { :path => "/api/0.6/users", :method => :get },
         { :controller => "api/users", :action => "index" }
@@ -405,33 +401,6 @@ module Api
       assert_select "user", :count => 0
     end
 
-    def test_gpx_files
-      user = create(:user)
-      trace1 = create(:trace, :user => user) do |trace|
-        create(:tracetag, :trace => trace, :tag => "London")
-      end
-      trace2 = create(:trace, :user => user) do |trace|
-        create(:tracetag, :trace => trace, :tag => "Birmingham")
-      end
-      # check that nothing is returned when not logged in
-      get user_gpx_files_path
-      assert_response :unauthorized
-
-      # check that we get a response when logged in
-      auth_header = bearer_authorization_header user
-      get user_gpx_files_path, :headers => auth_header
-      assert_response :success
-      assert_equal "application/xml", response.media_type
-
-      # check the data that is returned
-      assert_select "gpx_file[id='#{trace1.id}']", 1 do
-        assert_select "tag", "London"
-      end
-      assert_select "gpx_file[id='#{trace2.id}']", 1 do
-        assert_select "tag", "Birmingham"
-      end
-    end
-
     private
 
     def check_xml_details(user, include_private, include_email)