Move check_api_readable to api_controller

It's easier to skip the check in the two places that we need to, and
include it by default everywhere else.
Andy Allan 2024-05-29 14:54:16 +01:00
parent 0bbfe922ea
commit c1cccd40fc
17 changed files with 5 additions and 18 deletions


@ -1,5 +1,7 @@
module Api
class CapabilitiesController < ApiController
skip_before_action :check_api_readable
authorize_resource :class => false
before_action :set_request_formats
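Review bot: The `skip_before_action :check_api_readable` at the top of CapabilitiesController has no comment saying why this endpoint is exempt, and the same applies to the identical line added to VersionsController. With the check now inherited by default, these two skips are, per the commit message, the only places where an API controller still answers while the API is not readable, so they are the lines a later audit will look at first. I would add a one-line comment above each, along the lines of `# Stays reachable when the API is offline so clients can still query it (confirm reason)`, adjusted to the actual reason. The class body continues outside the hunk.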


@ -1,6 +1,5 @@
module Api
class ChangesetCommentsController < ApiController
before_action :check_api_readable
before_action :check_api_writable
before_action :authorize


@ -2,7 +2,6 @@
module Api
class ChangesetsController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe]
before_action :setup_user_auth, :only => [:show]
before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]


@ -1,7 +1,5 @@
module Api
class MapController < ApiController
before_action :check_api_readable
authorize_resource :class => false
around_action :api_call_handle_error, :api_call_timeout


@ -2,7 +2,6 @@
module Api
class NodesController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :update, :delete]
before_action :authorize, :only => [:create, :update, :delete]


@ -1,6 +1,5 @@
module Api
class NotesController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
before_action :setup_user_auth, :only => [:create, :show]
before_action :authorize, :only => [:close, :reopen, :destroy, :comment]


@ -3,7 +3,6 @@
# nodes, ways and relations are basically identical.
module Api
class OldElementsController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:redact]
before_action :setup_user_auth, :only => [:history, :show]
before_action :authorize, :only => [:redact]


@ -1,7 +1,5 @@
module Api
class PermissionsController < ApiController
before_action :check_api_readable
authorize_resource :class => false
before_action :setup_user_auth


@ -1,6 +1,5 @@
module Api
class RelationsController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :update, :delete]
before_action :authorize, :only => [:create, :update, :delete]


@ -1,7 +1,5 @@
module Api
class TracepointsController < ApiController
before_action :check_api_readable
authorize_resource
around_action :api_call_handle_error, :api_call_timeout


@ -1,6 +1,5 @@
module Api
class TracesController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :update, :destroy]
before_action :set_locale
before_action :authorize


@ -1,7 +1,5 @@
module Api
class UserBlocksController < ApiController
before_action :check_api_readable
authorize_resource
around_action :api_call_handle_error, :api_call_timeout


@ -1,7 +1,6 @@
# Update and read user preferences, which are arbitrary key/val pairs
module Api
class UserPreferencesController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:update_all, :update, :destroy]
before_action :authorize


@ -1,6 +1,5 @@
module Api
class UsersController < ApiController
before_action :check_api_readable
before_action :disable_terms_redirect, :only => [:details]
before_action :setup_user_auth, :only => [:show, :index]
before_action :authorize, :only => [:details, :gpx_files]


@ -1,5 +1,6 @@
module Api
class VersionsController < ApiController
skip_before_action :check_api_readable
authorize_resource :class => false
before_action :set_request_formats


@ -1,6 +1,5 @@
module Api
class WaysController < ApiController
before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :update, :delete]
before_action :authorize, :only => [:create, :update, :delete]


@ -1,6 +1,8 @@
class ApiController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :check_api_readable
private
##
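Review bot: Adding `before_action :check_api_readable` to ApiController also applies the check to any subclass that never declared it, and nothing on this page pins that behaviour with a test. The sixteen controllers touched here either declared the callback before or now skip it, so they are unchanged in effect, but a subclass outside this commit would start rejecting requests when the API is offline; worth confirming there is none. A controller test that puts the API offline and asserts that only the capabilities and versions endpoints still respond would also catch a stray `skip_before_action :check_api_readable` added later. A short comment above the new line, e.g. `# Applied to every API controller; skip explicitly only where the endpoint must work offline`, would make the fail-closed default explicit. `check_api_readable` itself is defined outside this hunk, and the class body continues past it.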