X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/420a7289a0b08eee091f6650c2e83166df3fbe69..6a4092bc1678bd6bf4cd96243466e69c3e3995bb:/app/controllers/api_controller.rb diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index 81b8bca53..2e1a07c3c 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -1,6 +1,10 @@ class ApiController < ApplicationController skip_before_action :verify_authenticity_token - before_action :check_api_readable, :except => [:capabilities] + before_action :api_deny_access_handler + + authorize_resource :class => false + + before_action :check_api_readable before_action :setup_user_auth, :only => [:permissions] around_action :api_call_handle_error, :api_call_timeout @@ -30,7 +34,9 @@ class ApiController < ApplicationController end # get all the points - points = Tracepoint.bbox(bbox).offset(offset).limit(TRACEPOINTS_PER_PAGE).order("gpx_id DESC, trackid ASC, timestamp ASC") + ordered_points = Tracepoint.bbox(bbox).joins(:trace).where(:gpx_files => { :visibility => %w[trackable identifiable] }).order("gpx_id DESC, trackid ASC, timestamp ASC") + unordered_points = Tracepoint.bbox(bbox).joins(:trace).where(:gpx_files => { :visibility => %w[public private] }).order("gps_points.latitude", "gps_points.longitude", "gps_points.timestamp") + points = ordered_points.union_all(unordered_points).offset(offset).limit(TRACEPOINTS_PER_PAGE) doc = XML::Document.new doc.encoding = XML::Encoding::UTF_8 @@ -245,56 +251,6 @@ class ApiController < ApplicationController end end - # External apps that use the api are able to query the api to find out some - # parameters of the API. It currently returns: - # * minimum and maximum API versions that can be used. - # * maximum area that can be requested in a bbox request in square degrees - # * number of tracepoints that are returned in each tracepoints page - def capabilities - doc = OSM::API.new.get_xml_doc - - api = XML::Node.new "api" - version = XML::Node.new "version" - version["minimum"] = API_VERSION.to_s - version["maximum"] = API_VERSION.to_s - api << version - area = XML::Node.new "area" - area["maximum"] = MAX_REQUEST_AREA.to_s - api << area - notearea = XML::Node.new "note_area" - notearea["maximum"] = MAX_NOTE_REQUEST_AREA.to_s - api << notearea - tracepoints = XML::Node.new "tracepoints" - tracepoints["per_page"] = TRACEPOINTS_PER_PAGE.to_s - api << tracepoints - waynodes = XML::Node.new "waynodes" - waynodes["maximum"] = MAX_NUMBER_OF_WAY_NODES.to_s - api << waynodes - changesets = XML::Node.new "changesets" - changesets["maximum_elements"] = Changeset::MAX_ELEMENTS.to_s - api << changesets - timeout = XML::Node.new "timeout" - timeout["seconds"] = API_TIMEOUT.to_s - api << timeout - status = XML::Node.new "status" - status["database"] = database_status.to_s - status["api"] = api_status.to_s - status["gpx"] = gpx_status.to_s - api << status - doc.root << api - policy = XML::Node.new "policy" - blacklist = XML::Node.new "imagery" - IMAGERY_BLACKLIST.each do |url_regex| - xnd = XML::Node.new "blacklist" - xnd["regex"] = url_regex.to_s - blacklist << xnd - end - policy << blacklist - doc.root << policy - - render :xml => doc.to_s - end - # External apps that use the api are able to query which permissions # they have. This currently returns a list of permissions granted to the current user: # * if authenticated via OAuth, this list will contain all permissions granted by the user to the access_token.