Use CanCanCan to control access to oauth controller actions

[rails.git] / app / controllers / old_controller.rb

diff --git a/app/controllers/old_controller.rb b/app/controllers/old_controller.rb
index 9d7cf2113805213af325357fbc2a5751610f5341..4f01b1e2a1da41b5bd4d44fb1d5ba8c623ef1f4d 100644 (file)
--- a/app/controllers/old_controller.rb
+++ b/app/controllers/old_controller.rb
@@ -2,25 +2,24 @@
 # into one place. as it turns out, the API methods for historical
 # nodes, ways and relations are basically identical.
 class OldController < ApplicationController
-  require 'xml/libxml'
+  require "xml/libxml"
 
-  skip_before_filter :verify_authenticity_token
-  before_filter :setup_user_auth, :only => [:history, :version]
-  before_filter :authorize, :only => [:redact]
-  before_filter :authorize_moderator, :only => [:redact]
-  before_filter :require_allow_write_api, :only => [:redact]
-  before_filter :check_api_readable
-  before_filter :check_api_writable, :only => [:redact]
-  after_filter :compress_output
-  around_filter :api_call_handle_error, :api_call_timeout
-  before_filter :lookup_old_element, :except => [:history]
-  before_filter :lookup_old_element_versions, :only => [:history]
+  skip_before_action :verify_authenticity_token
+  before_action :setup_user_auth, :only => [:history, :version]
+  before_action :authorize, :only => [:redact]
+  before_action :authorize_moderator, :only => [:redact]
+  before_action :require_allow_write_api, :only => [:redact]
+  before_action :check_api_readable
+  before_action :check_api_writable, :only => [:redact]
+  around_action :api_call_handle_error, :api_call_timeout
+  before_action :lookup_old_element, :except => [:history]
+  before_action :lookup_old_element_versions, :only => [:history]
 
   def history
     # the .where() method used in the lookup_old_element_versions
     # call won't throw an error if no records are found, so we have
     # to do that ourselves.
-    fail OSM::APINotFoundError.new if @elements.empty?
+    raise OSM::APINotFoundError if @elements.empty?
 
     doc = OSM::API.new.get_xml_doc
 
@@ -34,12 +33,12 @@ class OldController < ApplicationController
       doc.root << element.to_xml_node
     end
 
-    render :text => doc.to_s, :content_type => "text/xml"
+    render :xml => doc.to_s
   end
 
   def version
     if @old_element.redacted? && !show_redactions?
-      render :text => "", :status => :forbidden
+      head :forbidden
 
     else
       response.last_modified = @old_element.timestamp
@@ -47,12 +46,12 @@ class OldController < ApplicationController
       doc = OSM::API.new.get_xml_doc
       doc.root << @old_element.to_xml_node
 
-      render :text => doc.to_s, :content_type => "text/xml"
+      render :xml => doc.to_s
     end
   end
 
   def redact
-    redaction_id = params['redaction']
+    redaction_id = params["redaction"]
     if redaction_id.nil?
       # if no redaction ID was provided, then this is an unredact
       # operation.
@@ -65,12 +64,12 @@ class OldController < ApplicationController
     end
 
     # just return an empty 200 OK for success
-    render :text => ""
+    head :ok
   end
 
   private
 
   def show_redactions?
-    @user && @user.moderator? && params[:show_redactions] == "true"
+    current_user&.moderator? && params[:show_redactions] == "true"
   end
 end