Reject uploads unless the user has made their edits pubic.

[rails.git] / app / controllers / changeset_controller.rb

diff --git a/app/controllers/changeset_controller.rb b/app/controllers/changeset_controller.rb
index 9b09549d0f91def074c5e6bc9065c91cd43072c3..4913a600e1d036a5c0e41dcdbd35b97764acd32d 100644 (file)
--- a/app/controllers/changeset_controller.rb
+++ b/app/controllers/changeset_controller.rb
@@ -7,8 +7,9 @@ class ChangesetController < ApplicationController
   session :off, :except => [:list, :list_user, :list_bbox]
   before_filter :authorize_web, :only => [:list, :list_user, :list_bbox]
   before_filter :authorize, :only => [:create, :update, :delete, :upload, :include, :close]
-  before_filter :check_write_availability, :only => [:create, :update, :delete, :upload, :include]
-  before_filter :check_read_availability, :except => [:create, :update, :delete, :upload, :download, :query]
+  before_filter :require_public_data, :only => [:create, :update, :delete, :upload, :include, :close]
+  before_filter :check_api_writable, :only => [:create, :update, :delete, :upload, :include]
+  before_filter :check_api_readable, :except => [:create, :update, :delete, :upload, :download, :query]
   after_filter :compress_output
 
   # Help methods for checking boundary sanity and area size
@@ -114,6 +115,8 @@ class ChangesetController < ApplicationController
       render :nothing => true, :status => :method_not_allowed
     end
 
+  rescue LibXML::XML::Error, ArgumentError => ex
+    raise OSM::APIBadXMLError.new("osm", xml, ex.message)
   rescue ActiveRecord::RecordNotFound
     render :nothing => true, :status => :not_found
   rescue OSM::APIError => ex
@@ -349,9 +352,10 @@ class ChangesetController < ApplicationController
     if params['bbox']
        bbox = params['bbox']
     elsif params['minlon'] and params['minlat'] and params['maxlon'] and params['maxlat']
-       bbox = params['minlon'] + ',' + params['minlat'] + ',' + params['maxlon'] + ',' + params['maxlat']
+       bbox = h(params['minlon']) + ',' + h(params['minlat']) + ',' + h(params['maxlon']) + ',' + h(params['maxlat'])
     else
-      redirect_to :action => 'list'
+      #TODO: fix bugs in location determination for history tab (and other tabs) then uncomment this redirect
+      #redirect_to :action => 'list'
     end
        
     conditions = conditions_bbox(bbox);
@@ -460,7 +464,7 @@ private
   # if parameter 'open' is nill then open and closed changsets are returned
   def conditions_open(open)
     return open.nil? ? nil : ['closed_at >= ? and num_changes <= ?', 
-                              DateTime.now, Changeset::MAX_ELEMENTS]
+                              Time.now.getutc, Changeset::MAX_ELEMENTS]
   end
   
   ##
@@ -468,7 +472,7 @@ private
   # ('closed at' time has passed or changes limit is hit)
   def conditions_closed(closed)
     return closed.nil? ? nil : ['closed_at < ? and num_changes > ?', 
-                              DateTime.now, Changeset::MAX_ELEMENTS]
+                                Time.now.getutc, Changeset::MAX_ELEMENTS]
   end
 
   ##