Move check_api_readable to api_controller

It's easier to skip the check in the two places that we need to, and
include it by default everywhere else.
Andy Allan 2024-05-29 14:54:16 +01:00
parent 0bbfe922ea
commit c1cccd40fc
17 changed files with 5 additions and 18 deletions


@ -1,5 +1,7 @@
module Api module Api
class CapabilitiesController < ApiController class CapabilitiesController < ApiController
skip_before_action :check_api_readable
authorize_resource :class => false authorize_resource :class => false
before_action :set_request_formats before_action :set_request_formats
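Review bot: The added `skip_before_action :check_api_readable` in CapabilitiesController carries no `:only` list, so every action this controller has or later gains bypasses the check that ApiController now applies by default; the identical line added to VersionsController has the same property. If the exemption is meant for the existing endpoint alone, scope it as `skip_before_action :check_api_readable, :only => [<action>]` (placeholder for the real action name, which is not visible here because the class body continues outside the hunk). A one-line comment stating why this controller opts out, for example `# Clients must be able to query this while the API is unavailable` if that is the reason, would keep the opt-out from being copied to other controllers without review.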


@ -1,6 +1,5 @@
module Api module Api
class ChangesetCommentsController < ApiController class ChangesetCommentsController < ApiController
before_action :check_api_readable
before_action :check_api_writable before_action :check_api_writable
before_action :authorize before_action :authorize


@ -2,7 +2,6 @@
module Api module Api
class ChangesetsController < ApiController class ChangesetsController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe] before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe]
before_action :setup_user_auth, :only => [:show] before_action :setup_user_auth, :only => [:show]
before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]


@ -1,7 +1,5 @@
module Api module Api
class MapController < ApiController class MapController < ApiController
before_action :check_api_readable
authorize_resource :class => false authorize_resource :class => false
around_action :api_call_handle_error, :api_call_timeout around_action :api_call_handle_error, :api_call_timeout


@ -2,7 +2,6 @@
module Api module Api
class NodesController < ApiController class NodesController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :update, :delete] before_action :check_api_writable, :only => [:create, :update, :delete]
before_action :authorize, :only => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete]


@ -1,6 +1,5 @@
module Api module Api
class NotesController < ApiController class NotesController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy] before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
before_action :setup_user_auth, :only => [:create, :show] before_action :setup_user_auth, :only => [:create, :show]
before_action :authorize, :only => [:close, :reopen, :destroy, :comment] before_action :authorize, :only => [:close, :reopen, :destroy, :comment]


@ -3,7 +3,6 @@
# nodes, ways and relations are basically identical. # nodes, ways and relations are basically identical.
module Api module Api
class OldElementsController < ApiController class OldElementsController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:redact] before_action :check_api_writable, :only => [:redact]
before_action :setup_user_auth, :only => [:history, :show] before_action :setup_user_auth, :only => [:history, :show]
before_action :authorize, :only => [:redact] before_action :authorize, :only => [:redact]


@ -1,7 +1,5 @@
module Api module Api
class PermissionsController < ApiController class PermissionsController < ApiController
before_action :check_api_readable
authorize_resource :class => false authorize_resource :class => false
before_action :setup_user_auth before_action :setup_user_auth


@ -1,6 +1,5 @@
module Api module Api
class RelationsController < ApiController class RelationsController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :update, :delete] before_action :check_api_writable, :only => [:create, :update, :delete]
before_action :authorize, :only => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete]


@ -1,7 +1,5 @@
module Api module Api
class TracepointsController < ApiController class TracepointsController < ApiController
before_action :check_api_readable
authorize_resource authorize_resource
around_action :api_call_handle_error, :api_call_timeout around_action :api_call_handle_error, :api_call_timeout


@ -1,6 +1,5 @@
module Api module Api
class TracesController < ApiController class TracesController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :update, :destroy] before_action :check_api_writable, :only => [:create, :update, :destroy]
before_action :set_locale before_action :set_locale
before_action :authorize before_action :authorize


@ -1,7 +1,5 @@
module Api module Api
class UserBlocksController < ApiController class UserBlocksController < ApiController
before_action :check_api_readable
authorize_resource authorize_resource
around_action :api_call_handle_error, :api_call_timeout around_action :api_call_handle_error, :api_call_timeout


@ -1,7 +1,6 @@
# Update and read user preferences, which are arbitrary key/val pairs # Update and read user preferences, which are arbitrary key/val pairs
module Api module Api
class UserPreferencesController < ApiController class UserPreferencesController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:update_all, :update, :destroy] before_action :check_api_writable, :only => [:update_all, :update, :destroy]
before_action :authorize before_action :authorize


@ -1,6 +1,5 @@
module Api module Api
class UsersController < ApiController class UsersController < ApiController
before_action :check_api_readable
before_action :disable_terms_redirect, :only => [:details] before_action :disable_terms_redirect, :only => [:details]
before_action :setup_user_auth, :only => [:show, :index] before_action :setup_user_auth, :only => [:show, :index]
before_action :authorize, :only => [:details, :gpx_files] before_action :authorize, :only => [:details, :gpx_files]


@ -1,5 +1,6 @@
module Api module Api
class VersionsController < ApiController class VersionsController < ApiController
skip_before_action :check_api_readable
authorize_resource :class => false authorize_resource :class => false
before_action :set_request_formats before_action :set_request_formats


@ -1,6 +1,5 @@
module Api module Api
class WaysController < ApiController class WaysController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :update, :delete] before_action :check_api_writable, :only => [:create, :update, :delete]
before_action :authorize, :only => [:create, :update, :delete] before_action :authorize, :only => [:create, :update, :delete]


@ -1,6 +1,8 @@
class ApiController < ApplicationController class ApiController < ApplicationController
skip_before_action :verify_authenticity_token skip_before_action :verify_authenticity_token
before_action :check_api_readable
private private
## ##
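Review bot: The new default `before_action :check_api_readable` in ApiController arrives without a test: the 5 additions in the diffstat are all accounted for by the three controller hunks that add lines, so nothing asserts that CapabilitiesController and VersionsController are the only API controllers exempt from the check. A controller or integration test that puts the API into the state `check_api_readable` rejects (its definition is not visible on this page) and expects a refusal from every API endpoint except those two would catch a stray `skip_before_action` added later. Any ApiController subclass not touched by this commit also gains the check now, which looks intended but is worth confirming. A comment above the line, such as `# Applied to every API controller; opt out explicitly with skip_before_action`, would document the inherited behaviour for authors of new controllers.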