Merge remote-tracking branch 'upstream/pull/4632'

[rails.git] / app / controllers / api / users_controller.rb

diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index 70ad93f65e4862c33f73bd40d8a52f302f7317c6..6fa47095a16f9c062ba246100bea989ff7dd9ecb 100644 (file)
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,61 +1,61 @@
 module Api
-  class UsersController < ApplicationController
-    layout "site", :except => [:api_details]
-
-    skip_before_action :verify_authenticity_token
-    before_action :disable_terms_redirect, :only => [:api_details]
-    before_action :authorize, :only => [:api_details, :api_gpx_files]
-    before_action :api_deny_access_handler
+  class UsersController < ApiController
+    before_action :check_api_readable
+    before_action :disable_terms_redirect, :only => [:details]
+    before_action :setup_user_auth, :only => [:show, :index]
+    before_action :authorize, :only => [:details, :gpx_files]
 
     authorize_resource
 
-    before_action :check_api_readable
     around_action :api_call_handle_error
-    before_action :lookup_user_by_id, :only => [:api_read]
+    load_resource :only => :show
 
-    def api_read
-      if @user.visible?
-        render :action => :api_read, :content_type => "text/xml"
-      else
-        head :gone
-      end
-    end
-
-    def api_details
-      @user = current_user
-      render :action => :api_read, :content_type => "text/xml"
-    end
+    before_action :set_request_formats, :except => [:gpx_files]
 
-    def api_users
+    def index
       raise OSM::APIBadUserInput, "The parameter users is required, and must be of the form users=id[,id[,id...]]" unless params["users"]
 
       ids = params["users"].split(",").collect(&:to_i)
 
       raise OSM::APIBadUserInput, "No users were given to search for" if ids.empty?
 
-      @users = User.visible.find(ids)
+      @users = User.visible.where(:id => ids).in_order_of(:id, ids)
 
-      render :action => :api_users, :content_type => "text/xml"
+      # Render the result
+      respond_to do |format|
+        format.xml
+        format.json
+      end
     end
 
-    def api_gpx_files
-      doc = OSM::API.new.get_xml_doc
-      current_user.traces.reload.each do |trace|
-        doc.root << trace.to_xml_node
+    def show
+      if @user.visible?
+        # Render the result
+        respond_to do |format|
+          format.xml
+          format.json
+        end
+      else
+        head :gone
       end
-      render :xml => doc.to_s
     end
 
-    private
+    def details
+      @user = current_user
+      # Render the result
+      respond_to do |format|
+        format.xml { render :show }
+        format.json { render :show }
+      end
+    end
 
-    ##
-    # ensure that there is a "user" instance variable
-    def lookup_user_by_id
-      @user = User.find(params[:id])
+    def gpx_files
+      @traces = current_user.traces.reload
+      render :content_type => "application/xml"
     end
 
-    ##
-    #
+    private
+
     def disable_terms_redirect
       # this is necessary otherwise going to the user terms page, when
       # having not agreed already would cause an infinite redirect loop.