X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/043d29fd7eb72048cf5d07edfbc20ec5c25af708..73026e1615ab94873f70fcc30775d8613b6d7075:/app/controllers/api_controller.rb diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index eb59a8a8d..3273665d2 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -1,5 +1,9 @@ class ApiController < ApplicationController skip_before_action :verify_authenticity_token + before_action :api_deny_access_handler + + authorize_resource :class => false + before_action :check_api_readable, :except => [:capabilities] before_action :setup_user_auth, :only => [:permissions] around_action :api_call_handle_error, :api_call_timeout @@ -30,7 +34,9 @@ class ApiController < ApplicationController end # get all the points - points = Tracepoint.bbox(bbox).offset(offset).limit(TRACEPOINTS_PER_PAGE).order("gpx_id DESC, trackid ASC, timestamp ASC") + ordered_points = Tracepoint.bbox(bbox).joins(:trace).where(:gpx_files => { :visibility => %w[trackable identifiable] }).order("gpx_id DESC, trackid ASC, timestamp ASC") + unordered_points = Tracepoint.bbox(bbox).joins(:trace).where(:gpx_files => { :visibility => %w[public private] }).order("gps_points.latitude", "gps_points.longitude", "gps_points.timestamp") + points = ordered_points.union_all(unordered_points).offset(offset).limit(TRACEPOINTS_PER_PAGE) doc = XML::Document.new doc.encoding = XML::Encoding::UTF_8 @@ -67,7 +73,7 @@ class ApiController < ApplicationController if gpx_file.identifiable? track << (XML::Node.new("name") << gpx_file.name) track << (XML::Node.new("desc") << gpx_file.description) - track << (XML::Node.new("url") << url_for(:controller => "trace", :action => "view", :display_name => gpx_file.user.display_name, :id => gpx_file.id)) + track << (XML::Node.new("url") << url_for(:controller => "traces", :action => "show", :display_name => gpx_file.user.display_name, :id => gpx_file.id)) end else # use the anonymous track segment if the user hasn't allowed @@ -100,7 +106,7 @@ class ApiController < ApplicationController response.headers["Content-Disposition"] = "attachment; filename=\"tracks.gpx\"" - render :text => doc.to_s, :content_type => "text/xml" + render :xml => doc.to_s end # This is probably the most common call of all. It is used for getting the @@ -157,9 +163,7 @@ class ApiController < ApplicationController # - [0] in case some thing links to node 0 which doesn't exist. Shouldn't actually ever happen but it does. FIXME: file a ticket for this nodes_to_fetch = (list_of_way_nodes.uniq - node_ids) - [0] - unless nodes_to_fetch.empty? - nodes += Node.includes(:node_tags).find(nodes_to_fetch) - end + nodes += Node.includes(:node_tags).find(nodes_to_fetch) unless nodes_to_fetch.empty? visible_nodes = {} changeset_cache = {} @@ -193,12 +197,12 @@ class ApiController < ApplicationController # this "uniq" may be slightly inefficient; it may be better to first collect and output # all node-related relations, then find the *not yet covered* way-related ones etc. relations.uniq.each do |relation| - doc.root << relation.to_xml_node(nil, changeset_cache, user_display_name_cache) + doc.root << relation.to_xml_node(changeset_cache, user_display_name_cache) end response.headers["Content-Disposition"] = "attachment; filename=\"map.osm\"" - render :text => doc.to_s, :content_type => "text/xml" + render :xml => doc.to_s end # Get a list of the tiles that have changed within a specified time @@ -241,9 +245,9 @@ class ApiController < ApplicationController doc.root << changes - render :text => doc.to_s, :content_type => "text/xml" + render :xml => doc.to_s else - render :text => "Requested zoom is invalid, or the supplied start is after the end time, or the start duration is more than 24 hours", :status => :bad_request + render :plain => "Requested zoom is invalid, or the supplied start is after the end time, or the start duration is more than 24 hours", :status => :bad_request end end @@ -253,45 +257,9 @@ class ApiController < ApplicationController # * maximum area that can be requested in a bbox request in square degrees # * number of tracepoints that are returned in each tracepoints page def capabilities - doc = OSM::API.new.get_xml_doc - - api = XML::Node.new "api" - version = XML::Node.new "version" - version["minimum"] = API_VERSION.to_s - version["maximum"] = API_VERSION.to_s - api << version - area = XML::Node.new "area" - area["maximum"] = MAX_REQUEST_AREA.to_s - api << area - tracepoints = XML::Node.new "tracepoints" - tracepoints["per_page"] = TRACEPOINTS_PER_PAGE.to_s - api << tracepoints - waynodes = XML::Node.new "waynodes" - waynodes["maximum"] = MAX_NUMBER_OF_WAY_NODES.to_s - api << waynodes - changesets = XML::Node.new "changesets" - changesets["maximum_elements"] = Changeset::MAX_ELEMENTS.to_s - api << changesets - timeout = XML::Node.new "timeout" - timeout["seconds"] = API_TIMEOUT.to_s - api << timeout - status = XML::Node.new "status" - status["database"] = database_status.to_s - status["api"] = api_status.to_s - status["gpx"] = gpx_status.to_s - api << status - doc.root << api - policy = XML::Node.new "policy" - blacklist = XML::Node.new "imagery" - IMAGERY_BLACKLIST.each do |url_regex| - xnd = XML::Node.new "blacklist" - xnd["regex"] = url_regex.to_s - blacklist << xnd - end - policy << blacklist - doc.root << policy - - render :text => doc.to_s, :content_type => "text/xml" + @database_status = database_status + @api_status = api_status + @gpx_status = gpx_status end # External apps that use the api are able to query which permissions @@ -302,7 +270,7 @@ class ApiController < ApplicationController def permissions @permissions = if current_token.present? ClientApplication.all_permissions.select { |p| current_token.read_attribute(p) } - elsif @user + elsif current_user ClientApplication.all_permissions else []