Move node/way/relation/old_* controllers into the api namespace

app/controllers/api/nodes_controller.rb

@@ -0,0 +1,83 @@
+# The NodeController is the RESTful interface to Node objects
+
+module Api
+  class NodesController < ApplicationController
+    require "xml/libxml"
+
+    skip_before_action :verify_authenticity_token
+    before_action :authorize, :only => [:create, :update, :delete]
+    before_action :api_deny_access_handler
+
+    authorize_resource
+
+    before_action :require_public_data, :only => [:create, :update, :delete]
+    before_action :check_api_writable, :only => [:create, :update, :delete]
+    before_action :check_api_readable, :except => [:create, :update, :delete]
+    around_action :api_call_handle_error, :api_call_timeout
+
+    # Create a node from XML.
+    def create
+      assert_method :put
+
+      node = Node.from_xml(request.raw_post, true)
+
+      # Assume that Node.from_xml has thrown an exception if there is an error parsing the xml
+      node.create_with_history current_user
+      render :plain => node.id.to_s
+    end
+
+    # Dump the details on a node given in params[:id]
+    def show
+      node = Node.find(params[:id])
+
+      response.last_modified = node.timestamp
+
+      if node.visible
+        render :xml => node.to_xml.to_s
+      else
+        head :gone
+      end
+    end
+
+    # Update a node from given XML
+    def update
+      node = Node.find(params[:id])
+      new_node = Node.from_xml(request.raw_post)
+
+      raise OSM::APIBadUserInput, "The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})" unless new_node && new_node.id == node.id
+
+      node.update_from(new_node, current_user)
+      render :plain => node.version.to_s
+    end
+
+    # Delete a node. Doesn't actually delete it, but retains its history
+    # in a wiki-like way. We therefore treat it like an update, so the delete
+    # method returns the new version number.
+    def delete
+      node = Node.find(params[:id])
+      new_node = Node.from_xml(request.raw_post)
+
+      raise OSM::APIBadUserInput, "The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})" unless new_node && new_node.id == node.id
+
+      node.delete_with_history!(new_node, current_user)
+      render :plain => node.version.to_s
+    end
+
+    # Dump the details on many nodes whose ids are given in the "nodes" parameter.
+    def index
+      raise OSM::APIBadUserInput, "The parameter nodes is required, and must be of the form nodes=id[,id[,id...]]" unless params["nodes"]
+
+      ids = params["nodes"].split(",").collect(&:to_i)
+
+      raise OSM::APIBadUserInput, "No nodes were given to search for" if ids.empty?
+
+      doc = OSM::API.new.get_xml_doc
+
+      Node.find(ids).each do |node|
+        doc.root << node.to_xml_node
+      end
+
+      render :xml => doc.to_s
+    end
+  end
+end

app/controllers/api/old_controller.rb

@@ -0,0 +1,79 @@
+# this class pulls together the logic for all the old_* controllers
+# into one place. as it turns out, the API methods for historical
+# nodes, ways and relations are basically identical.
+module Api
+  class OldController < ApplicationController
+    require "xml/libxml"
+
+    skip_before_action :verify_authenticity_token
+    before_action :setup_user_auth, :only => [:history, :version]
+    before_action :api_deny_access_handler
+    before_action :authorize, :only => [:redact]
+
+    authorize_resource
+
+    before_action :check_api_readable
+    before_action :check_api_writable, :only => [:redact]
+    around_action :api_call_handle_error, :api_call_timeout
+    before_action :lookup_old_element, :except => [:history]
+    before_action :lookup_old_element_versions, :only => [:history]
+
+    def history
+      # the .where() method used in the lookup_old_element_versions
+      # call won't throw an error if no records are found, so we have
+      # to do that ourselves.
+      raise OSM::APINotFoundError if @elements.empty?
+
+      doc = OSM::API.new.get_xml_doc
+
+      visible_elements = if show_redactions?
+                           @elements
+                         else
+                           @elements.unredacted
+                         end
+
+      visible_elements.each do |element|
+        doc.root << element.to_xml_node
+      end
+
+      render :xml => doc.to_s
+    end
+
+    def version
+      if @old_element.redacted? && !show_redactions?
+        head :forbidden
+
+      else
+        response.last_modified = @old_element.timestamp
+
+        doc = OSM::API.new.get_xml_doc
+        doc.root << @old_element.to_xml_node
+
+        render :xml => doc.to_s
+      end
+    end
+
+    def redact
+      redaction_id = params["redaction"]
+      if redaction_id.nil?
+        # if no redaction ID was provided, then this is an unredact
+        # operation.
+        @old_element.redact!(nil)
+      else
+        # if a redaction ID was specified, then set this element to
+        # be redacted in that redaction.
+        redaction = Redaction.find(redaction_id.to_i)
+        @old_element.redact!(redaction)
+      end
+
+      # just return an empty 200 OK for success
+      head :ok
+    end
+
+    private
+
+    def show_redactions?
+      current_user&.moderator? && params[:show_redactions] == "true"
+    end
+  end
+end

app/controllers/api/old_nodes_controller.rb

@@ -0,0 +1,13 @@
+module Api
+  class OldNodesController < OldController
+    private
+
+    def lookup_old_element
+      @old_element = OldNode.find([params[:id], params[:version]])
+    end
+
+    def lookup_old_element_versions
+      @elements = OldNode.where(:node_id => params[:id]).order(:version)
+    end
+  end
+end

app/controllers/api/old_relations_controller.rb

@@ -0,0 +1,13 @@
+module Api
+  class OldRelationsController < OldController
+    private
+
+    def lookup_old_element
+      @old_element = OldRelation.find([params[:id], params[:version]])
+    end
+
+    def lookup_old_element_versions
+      @elements = OldRelation.where(:relation_id => params[:id]).order(:version)
+    end
+  end
+end

app/controllers/api/old_ways_controller.rb

@@ -0,0 +1,13 @@
+module Api
+  class OldWaysController < OldController
+    private
+
+    def lookup_old_element
+      @old_element = OldWay.find([params[:id], params[:version]])
+    end
+
+    def lookup_old_element_versions
+      @elements = OldWay.where(:way_id => params[:id]).order(:version)
+    end
+  end
+end

app/controllers/api/relations_controller.rb

@@ -0,0 +1,169 @@
+module Api
+  class RelationsController < ApplicationController
+    require "xml/libxml"
+
+    skip_before_action :verify_authenticity_token
+    before_action :authorize, :only => [:create, :update, :delete]
+    before_action :api_deny_access_handler
+
+    authorize_resource
+
+    before_action :require_public_data, :only => [:create, :update, :delete]
+    before_action :check_api_writable, :only => [:create, :update, :delete]
+    before_action :check_api_readable, :except => [:create, :update, :delete]
+    around_action :api_call_handle_error, :api_call_timeout
+
+    def create
+      assert_method :put
+
+      relation = Relation.from_xml(request.raw_post, true)
+
+      # Assume that Relation.from_xml has thrown an exception if there is an error parsing the xml
+      relation.create_with_history current_user
+      render :plain => relation.id.to_s
+    end
+
+    def show
+      relation = Relation.find(params[:id])
+      response.last_modified = relation.timestamp
+      if relation.visible
+        render :xml => relation.to_xml.to_s
+      else
+        head :gone
+      end
+    end
+
+    def update
+      logger.debug request.raw_post
+
+      relation = Relation.find(params[:id])
+      new_relation = Relation.from_xml(request.raw_post)
+
+      raise OSM::APIBadUserInput, "The id in the url (#{relation.id}) is not the same as provided in the xml (#{new_relation.id})" unless new_relation && new_relation.id == relation.id
+
+      relation.update_from new_relation, current_user
+      render :plain => relation.version.to_s
+    end
+
+    def delete
+      relation = Relation.find(params[:id])
+      new_relation = Relation.from_xml(request.raw_post)
+      if new_relation && new_relation.id == relation.id
+        relation.delete_with_history!(new_relation, current_user)
+        render :plain => relation.version.to_s
+      else
+        head :bad_request
+      end
+    end
+
+    # -----------------------------------------------------------------
+    # full
+    #
+    # input parameters: id
+    #
+    # returns XML representation of one relation object plus all its
+    # members, plus all nodes part of member ways
+    # -----------------------------------------------------------------
+    def full
+      relation = Relation.find(params[:id])
+
+      if relation.visible
+
+        # first find the ids of nodes, ways and relations referenced by this
+        # relation - note that we exclude this relation just in case.
+
+        node_ids = relation.members.select { |m| m[0] == "Node" }.map { |m| m[1] }
+        way_ids = relation.members.select { |m| m[0] == "Way" }.map { |m| m[1] }
+        relation_ids = relation.members.select { |m| m[0] == "Relation" && m[1] != relation.id }.map { |m| m[1] }
+
+        # next load the relations and the ways.
+
+        relations = Relation.where(:id => relation_ids).includes(:relation_tags)
+        ways = Way.where(:id => way_ids).includes(:way_nodes, :way_tags)
+
+        # now additionally collect nodes referenced by ways. Note how we
+        # recursively evaluate ways but NOT relations.
+
+        way_node_ids = ways.collect do |way|
+          way.way_nodes.collect(&:node_id)
+        end
+        node_ids += way_node_ids.flatten
+        nodes = Node.where(:id => node_ids.uniq).includes(:node_tags)
+
+        # create XML.
+        doc = OSM::API.new.get_xml_doc
+        visible_nodes = {}
+        changeset_cache = {}
+        user_display_name_cache = {}
+
+        nodes.each do |node|
+          next unless node.visible? # should be unnecessary if data is consistent.
+
+          doc.root << node.to_xml_node(changeset_cache, user_display_name_cache)
+          visible_nodes[node.id] = node
+        end
+
+        ways.each do |way|
+          next unless way.visible? # should be unnecessary if data is consistent.
+
+          doc.root << way.to_xml_node(visible_nodes, changeset_cache, user_display_name_cache)
+        end
+
+        relations.each do |rel|
+          next unless rel.visible? # should be unnecessary if data is consistent.
+
+          doc.root << rel.to_xml_node(changeset_cache, user_display_name_cache)
+        end
+
+        # finally add self and output
+        doc.root << relation.to_xml_node(changeset_cache, user_display_name_cache)
+        render :xml => doc.to_s
+
+      else
+        head :gone
+      end
+    end
+
+    def index
+      raise OSM::APIBadUserInput, "The parameter relations is required, and must be of the form relations=id[,id[,id...]]" unless params["relations"]
+
+      ids = params["relations"].split(",").collect(&:to_i)
+
+      raise OSM::APIBadUserInput, "No relations were given to search for" if ids.empty?
+
+      doc = OSM::API.new.get_xml_doc
+
+      Relation.find(ids).each do |relation|
+        doc.root << relation.to_xml_node
+      end
+
+      render :xml => doc.to_s
+    end
+
+    def relations_for_way
+      relations_for_object("Way")
+    end
+
+    def relations_for_node
+      relations_for_object("Node")
+    end
+
+    def relations_for_relation
+      relations_for_object("Relation")
+    end
+
+    private
+
+    def relations_for_object(objtype)
+      relationids = RelationMember.where(:member_type => objtype, :member_id => params[:id]).collect(&:relation_id).uniq
+
+      doc = OSM::API.new.get_xml_doc
+
+      Relation.find(relationids).each do |relation|
+        doc.root << relation.to_xml_node if relation.visible
+      end
+
+      render :xml => doc.to_s
+    end
+  end
+end

app/controllers/api/ways_controller.rb

@@ -0,0 +1,120 @@
+module Api
+  class WaysController < ApplicationController
+    require "xml/libxml"
+
+    skip_before_action :verify_authenticity_token
+    before_action :authorize, :only => [:create, :update, :delete]
+    before_action :api_deny_access_handler
+
+    authorize_resource
+
+    before_action :require_public_data, :only => [:create, :update, :delete]
+    before_action :check_api_writable, :only => [:create, :update, :delete]
+    before_action :check_api_readable, :except => [:create, :update, :delete]
+    around_action :api_call_handle_error, :api_call_timeout
+
+    def create
+      assert_method :put
+
+      way = Way.from_xml(request.raw_post, true)
+
+      # Assume that Way.from_xml has thrown an exception if there is an error parsing the xml
+      way.create_with_history current_user
+      render :plain => way.id.to_s
+    end
+
+    def show
+      way = Way.find(params[:id])
+
+      response.last_modified = way.timestamp
+
+      if way.visible
+        render :xml => way.to_xml.to_s
+      else
+        head :gone
+      end
+    end
+
+    def update
+      way = Way.find(params[:id])
+      new_way = Way.from_xml(request.raw_post)
+
+      unless new_way && new_way.id == way.id
+        raise OSM::APIBadUserInput, "The id in the url (#{way.id}) is not the same as provided in the xml (#{new_way.id})"
+      end
+
+      way.update_from(new_way, current_user)
+      render :plain => way.version.to_s
+    end
+
+    # This is the API call to delete a way
+    def delete
+      way = Way.find(params[:id])
+      new_way = Way.from_xml(request.raw_post)
+
+      if new_way && new_way.id == way.id
+        way.delete_with_history!(new_way, current_user)
+        render :plain => way.version.to_s
+      else
+        head :bad_request
+      end
+    end
+
+    def full
+      way = Way.includes(:nodes => :node_tags).find(params[:id])
+
+      if way.visible
+        visible_nodes = {}
+        changeset_cache = {}
+        user_display_name_cache = {}
+
+        doc = OSM::API.new.get_xml_doc
+        way.nodes.uniq.each do |node|
+          if node.visible
+            doc.root << node.to_xml_node(changeset_cache, user_display_name_cache)
+            visible_nodes[node.id] = node
+          end
+        end
+        doc.root << way.to_xml_node(visible_nodes, changeset_cache, user_display_name_cache)
+
+        render :xml => doc.to_s
+      else
+        head :gone
+      end
+    end
+
+    def index
+      unless params["ways"]
+        raise OSM::APIBadUserInput, "The parameter ways is required, and must be of the form ways=id[,id[,id...]]"
+      end
+
+      ids = params["ways"].split(",").collect(&:to_i)
+
+      raise OSM::APIBadUserInput, "No ways were given to search for" if ids.empty?
+
+      doc = OSM::API.new.get_xml_doc
+
+      Way.find(ids).each do |way|
+        doc.root << way.to_xml_node
+      end
+
+      render :xml => doc.to_s
+    end
+
+    ##
+    # returns all the ways which are currently using the node given in the
+    # :id parameter. note that this used to return deleted ways as well, but
+    # this seemed not to be the expected behaviour, so it was removed.
+    def ways_for_node
+      wayids = WayNode.where(:node_id => params[:id]).collect { |ws| ws.id[0] }.uniq
+
+      doc = OSM::API.new.get_xml_doc
+
+      Way.find(wayids).each do |way|
+        doc.root << way.to_xml_node if way.visible
+      end
+
+      render :xml => doc.to_s
+    end
+  end
+end