- def map
-
-
- doc = XML::Document.new
- doc.encoding = 'UTF-8'
- root = XML::Node.new 'osm'
- root['version'] = '0.4'
- root['generator'] = 'OpenStreetMap server'
- doc.root = root
-
- render :text => doc.to_s
-
- #el1 = XML::Node.new 'node'
- #el1['id'] = self.id.to_s
- #el1['lat'] = self.latitude.to_s
- #el1['lon'] = self.longitude.to_s
- #Node.split_tags(el1, self.tags)
- #el1['visible'] = self.visible.to_s
- #el1['timestamp'] = self.timestamp.xmlschema
- #root << el1
+ private
+
+ ##
+ # Set default request format to xml unless a client requests a specific format,
+ # which can be done via (a) URL suffix and/or (b) HTTP Accept header, where
+ # the URL suffix always takes precedence over the Accept header.
+ def set_default_request_format
+ unless params[:format]
+ accept_header = request.headers["HTTP_ACCEPT"]
+ if accept_header.nil?
+ # e.g. unit tests don't set an Accept: header by default, force XML in this case
+ request.format = "xml"
+ return
+ end
+
+ req_mimetypes = []
+
+ # Some clients (JOSM) send Accept headers which cannot be parsed by Rails, example: *; q=.2
+ # To be fair, JOSM's Accept header doesn't adhere to RFC 7231, section 5.3.1, et al. either
+ # As a workaround for backwards compatibility, we're assuming XML format
+ begin
+ req_mimetypes = Mime::Type.parse(accept_header)
+ rescue Mime::Type::InvalidMimeType
+ request.format = "xml"
+ return
+ end
+
+ # req_mimetypes contains all Accept header MIME types with descending priority
+ req_mimetypes.each do |mime|
+ if mime.symbol == :xml
+ request.format = "xml"
+ break
+ end
+
+ if mime.symbol == :json
+ request.format = "json"
+ break
+ end
+
+ # Any format, not explicitly requesting XML or JSON -> assume XML as default
+ if mime == "*/*"
+ request.format = "xml"
+ break
+ end
+ end
+ end
+ end
+
+ def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you")
+ # make the current_user object from any auth sources we have
+ setup_user_auth
+
+ # handle authenticate pass/fail
+ unless current_user
+ # no auth, the user does not exist or the password was wrong
+ response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
+ render :plain => errormessage, :status => :unauthorized
+ false
+ end
+ end
+
+ def current_ability
+ # Use capabilities from the oauth token if it exists and is a valid access token
+ if Authenticator.new(self, [:token]).allow?
+ ApiAbility.new(nil).merge(ApiCapability.new(current_token))
+ else
+ ApiAbility.new(current_user)
+ end
+ end
+
+ def deny_access(_exception)
+ if current_token
+ set_locale
+ report_error t("oauth.permissions.missing"), :forbidden
+ elsif current_user
+ head :forbidden
+ else
+ realm = "Web Password"
+ errormessage = "Couldn't authenticate you"
+ response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
+ render :plain => errormessage, :status => :unauthorized
+ end
+ end
+
+ def gpx_status
+ status = database_status
+ status = "offline" if status == "online" && Settings.status == "gpx_offline"
+ status