openstreetmap-website/app/controllers/api/old_controller.rb

# this class pulls together the logic for all the old_* controllers
# into one place. as it turns out, the API methods for historical
# nodes, ways and relations are basically identical.
module Api
  class OldController < ApiController
    require "xml/libxml"

    before_action :setup_user_auth, :only => [:history, :version]
    before_action :authorize, :only => [:redact]

    authorize_resource

    before_action :check_api_readable
    before_action :check_api_writable, :only => [:redact]
    around_action :api_call_handle_error, :api_call_timeout
    before_action :lookup_old_element, :except => [:history]
    before_action :lookup_old_element_versions, :only => [:history]

    def history
      # the .where() method used in the lookup_old_element_versions
      # call won't throw an error if no records are found, so we have
      # to do that ourselves.
      raise OSM::APINotFoundError if @elements.empty?

      visible_elements = if show_redactions?
                           @elements
                         else
                           @elements.unredacted
                         end

      @elems = []

      visible_elements.each do |element|
        @elems << element
      end

      # Render the result
      respond_to do |format|
        format.xml
      end
    end

    def version
      if @old_element.redacted? && !show_redactions?
        head :forbidden

      else
        response.last_modified = @old_element.timestamp

        @elems = [@old_element]

        # Render the result
        respond_to do |format|
          format.xml
        end
      end
    end

    def redact
      redaction_id = params["redaction"]
      if redaction_id.nil?
        # if no redaction ID was provided, then this is an unredact
        # operation.
        @old_element.redact!(nil)
      else
        # if a redaction ID was specified, then set this element to
        # be redacted in that redaction.
        redaction = Redaction.find(redaction_id.to_i)
        @old_element.redact!(redaction)
      end

      # just return an empty 200 OK for success
      head :ok
    end

    private

    def show_redactions?
      current_user&.moderator? && params[:show_redactions] == "true"
    end
  end
end