Move the capabilities call out of api_controller

[rails.git] / app / controllers / api_controller.rb

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 90883376c97d7af2cf8239b582baea67d576b7e9..2e1a07c3c36da2cb9b06b66581f945148c9e6974 100644 (file)
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -1,6 +1,10 @@
 class ApiController < ApplicationController
   skip_before_action :verify_authenticity_token
-  before_action :check_api_readable, :except => [:capabilities]
+  before_action :api_deny_access_handler
+
+  authorize_resource :class => false
+
+  before_action :check_api_readable
   before_action :setup_user_auth, :only => [:permissions]
   around_action :api_call_handle_error, :api_call_timeout
 
@@ -247,17 +251,6 @@ class ApiController < ApplicationController
     end
   end
 
-  # External apps that use the api are able to query the api to find out some
-  # parameters of the API. It currently returns:
-  # * minimum and maximum API versions that can be used.
-  # * maximum area that can be requested in a bbox request in square degrees
-  # * number of tracepoints that are returned in each tracepoints page
-  def capabilities
-    @database_status = database_status
-    @api_status = api_status
-    @gpx_status = gpx_status
-  end
-
   # External apps that use the api are able to query which permissions
   # they have. This currently returns a list of permissions granted to the current user:
   # * if authenticated via OAuth, this list will contain all permissions granted by the user to the access_token.