X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/420a7289a0b08eee091f6650c2e83166df3fbe69..35a2d66e1960b00e5ed0cecbe4263cdeedb1ad62:/app/controllers/amf_controller.rb diff --git a/app/controllers/amf_controller.rb b/app/controllers/amf_controller.rb index 4f6adae5d..2ad0fe6e0 100644 --- a/app/controllers/amf_controller.rb +++ b/app/controllers/amf_controller.rb @@ -41,6 +41,11 @@ class AmfController < ApplicationController skip_before_action :verify_authenticity_token before_action :check_api_writable + # AMF Controller implements its own authentication and authorization checks + # completely independently of the rest of the codebase, so best just to let + # it keep doing its own thing. + skip_authorization_check + # Main AMF handlers: process the raw AMF string (using AMF library) and # calls each action (private method) accordingly. @@ -139,7 +144,7 @@ class AmfController < ApplicationController user = getuser(usertoken) return -1, "You are not logged in, so Potlatch can't write any changes to the database." unless user return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists? - return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil? + return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil? if cstags return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(cstags) @@ -532,7 +537,7 @@ class AmfController < ApplicationController return -1, "You are not logged in, so the relation could not be saved." unless user return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists? - return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil? + return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil? return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(tags) @@ -620,7 +625,7 @@ class AmfController < ApplicationController user = getuser(usertoken) return -1, "You are not logged in, so the way could not be saved." unless user return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists? - return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil? + return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil? return -2, "Server error - way is only #{pointlist.length} points long." if pointlist.length < 2 @@ -730,7 +735,7 @@ class AmfController < ApplicationController user = getuser(usertoken) return -1, "You are not logged in, so the point could not be saved." unless user return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists? - return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil? + return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil? return -1, "One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." unless tags_ok(tags) @@ -817,7 +822,7 @@ class AmfController < ApplicationController user = getuser(usertoken) return -1, "You are not logged in, so the way could not be deleted." unless user return -1, t("application.setup_user_auth.blocked") if user.blocks.active.exists? - return -1, "You must accept the contributor terms before you can edit." if REQUIRE_TERMS_AGREED && user.terms_agreed.nil? + return -1, "You must accept the contributor terms before you can edit." if user.terms_agreed.nil? way_id = way_id.to_i nodeversions = {}