Merge pull request #4550 from tomhughes/drop-user-tokens

[rails.git] / app / controllers / browse_controller.rb

diff --git a/app/controllers/browse_controller.rb b/app/controllers/browse_controller.rb
index cbb0f202395e92e1eabbd453a7e7f14f675247ca..db291f6eb89a8fc5900cd8c4da953f987473c55e 100644 (file)
--- a/app/controllers/browse_controller.rb
+++ b/app/controllers/browse_controller.rb
@@ -1,86 +1,68 @@
 class BrowseController < ApplicationController
   layout :map_layout
 
-  before_filter :authorize_web  
-  before_filter :set_locale 
-  before_filter { |c| c.check_database_readable(true) }
-  around_filter :web_timeout
+  before_action :authorize_web
+  before_action :set_locale
+  before_action -> { check_database_readable(:need_api => true) }
+  before_action :require_oauth
+  before_action :update_totp, :only => [:query]
+  before_action :require_moderator_for_unredacted_history, :only => [:relation_history, :way_history, :node_history]
+  around_action :web_timeout
+  authorize_resource :class => false
 
   def relation
     @type = "relation"
-    @relation = Relation.find(params[:id])
-    @next = Relation.visible.where("id > ?", @relation.id).order(:id => :asc).first
-    @prev = Relation.visible.where("id < ?", @relation.id).order(:id => :desc).first
+    @feature = Relation.preload(:relation_tags, :containing_relation_members, :changeset => [:changeset_tags, :user], :relation_members => :member).find(params[:id])
+    render "feature"
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
-  
+
   def relation_history
     @type = "relation"
-    @relation = Relation.find(params[:id])
+    @feature = Relation.preload(:relation_tags, :old_relations => [:old_tags, { :changeset => [:changeset_tags, :user], :old_members => :member }]).find(params[:id])
+    render "history"
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
-  
+
   def way
     @type = "way"
-    @way = Way.preload(:way_tags, :containing_relation_members, :changeset => :user, :nodes => [:node_tags, :ways => :way_tags]).find(params[:id])
-    @next = Way.visible.where("id > ?", @way.id).order(:id => :asc).first
-    @prev = Way.visible.where("id < ?", @way.id).order(:id => :desc).first
+    @feature = Way.preload(:way_tags, :containing_relation_members, :changeset => [:changeset_tags, :user], :nodes => [:node_tags, { :ways => :way_tags }]).find(params[:id])
+    render "feature"
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
-  
+
   def way_history
     @type = "way"
-    @way = Way.preload(:way_tags, :old_ways => { :changeset => :user }).find(params[:id])
+    @feature = Way.preload(:way_tags, :old_ways => [:old_tags, { :changeset => [:changeset_tags, :user], :old_nodes => { :node => [:node_tags, :ways] } }]).find(params[:id])
+    render "history"
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
 
   def node
     @type = "node"
-    @node = Node.find(params[:id])
-    @next = Node.visible.where("id > ?", @node.id).order(:id => :asc).first
-    @prev = Node.visible.where("id < ?", @node.id).order(:id => :desc).first
+    @feature = Node.preload(:node_tags, :containing_relation_members, :changeset => [:changeset_tags, :user], :ways => :way_tags).find(params[:id])
+    render "feature"
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
-  
+
   def node_history
     @type = "node"
-    @node = Node.find(params[:id])
+    @feature = Node.preload(:node_tags, :old_nodes => [:old_tags, { :changeset => [:changeset_tags, :user] }]).find(params[:id])
+    render "history"
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
-  
-  def changeset
-    @type = "changeset"
 
-    @changeset = Changeset.find(params[:id])
-    @node_pages, @nodes = paginate(:old_nodes, :conditions => {:changeset_id => @changeset.id}, :per_page => 10, :parameter => 'node_page')
-    @way_pages, @ways = paginate(:old_ways, :conditions => {:changeset_id => @changeset.id}, :per_page => 10, :parameter => 'way_page')
-    @relation_pages, @relations = paginate(:old_relations, :conditions => {:changeset_id => @changeset.id}, :per_page => 10, :parameter => 'relation_page')
-      
-    @title = "#{I18n.t('browse.changeset.title')} | #{@changeset.id}"
-    @next = Changeset.where("id > ?", @changeset.id).order(:id => :asc).first
-    @prev = Changeset.where("id < ?", @changeset.id).order(:id => :desc).first
+  def query; end
 
-    if @changeset.user.data_public?
-      @next_by_user = @changeset.user.changesets.where("id > ?", @changeset.id).order(:id => :asc).first
-      @prev_by_user = @changeset.user.changesets.where("id < ?", @changeset.id).order(:id => :desc).first
-    end
-  rescue ActiveRecord::RecordNotFound
-    render :action => "not_found", :status => :not_found
-  end
+  private
 
-  def note
-    @type = "note"
-    @note = Note.find(params[:id])
-    @title = "#{I18n.t('browse.note.title')} | #{@note.id}"
-    @next = Note.visible.where("id > ?", @note.id).order(:id => :asc).first
-    @prev = Note.visible.where("id < ?", @note.id).order(:id => :desc).first
-  rescue ActiveRecord::RecordNotFound
-    render :action => "not_found", :status => :not_found
+  def require_moderator_for_unredacted_history
+    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
   end
 end