class ApiController < ApplicationController
skip_before_action :verify_authenticity_token
- before_action :check_api_readable, :except => [:capabilities]
+ before_action :api_deny_access_handler
+
+ authorize_resource :class => false
+
+ before_action :check_api_readable
before_action :setup_user_auth, :only => [:permissions]
around_action :api_call_handle_error, :api_call_timeout
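Review bot: `authorize_resource :class => false` is registered before `before_action :setup_user_auth, :only => [:permissions]`, so for `permissions` the authorization check runs before the caller has been authenticated. Filters run in declaration order, and (assuming this is CanCanCan) the default `current_ability` is memoized on first use. If the ability rules depend on the current user, which this hunk does not show, the check and any later ability lookup in the same request would be evaluated for an anonymous caller. Consider moving the `setup_user_auth` line above `authorize_resource`. If every action left in this controller is meant to be open to guests, say so in a comment instead, e.g. `# all actions here are permitted to guests; authorization intentionally runs before setup_user_auth`. The class body continues outside the hunk.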
end
end
- # External apps that use the api are able to query the api to find out some
- # parameters of the API. It currently returns:
- # * minimum and maximum API versions that can be used.
- # * maximum area that can be requested in a bbox request in square degrees
- # * number of tracepoints that are returned in each tracepoints page
- def capabilities
- @database_status = database_status
- @api_status = api_status
- @gpx_status = gpx_status
- end
-
# External apps that use the api are able to query which permissions
# they have. This currently returns a list of permissions granted to the current user:
# * if authenticated via OAuth, this list will contain all permissions granted by the user to the access_token.