X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/70d6880e10881dfd4b68f51cf16609a9f8aaff24..947a41edee95df9e75cce0452277e2a00a8b5fa5:/app/controllers/relations_controller.rb

diff --git a/app/controllers/relations_controller.rb b/app/controllers/relations_controller.rb
index b9108cea1..8c8005acc 100644
--- a/app/controllers/relations_controller.rb
+++ b/app/controllers/relations_controller.rb
@@ -3,7 +3,10 @@ class RelationsController < ApplicationController
 
   skip_before_action :verify_authenticity_token
   before_action :authorize, :only => [:create, :update, :delete]
-  before_action :require_allow_write_api, :only => [:create, :update, :delete]
+  before_action :api_deny_access_handler
+
+  authorize_resource
+
   before_action :require_public_data, :only => [:create, :update, :delete]
   before_action :check_api_writable, :only => [:create, :update, :delete]
   before_action :check_api_readable, :except => [:create, :update, :delete]
@@ -19,7 +22,7 @@ class RelationsController < ApplicationController
     render :plain => relation.id.to_s
   end
 
-  def read
+  def show
     relation = Relation.find(params[:id])
     response.last_modified = relation.timestamp
     if relation.visible
@@ -120,7 +123,7 @@ class RelationsController < ApplicationController
     end
   end
 
-  def relations
+  def index
     raise OSM::APIBadUserInput, "The parameter relations is required, and must be of the form relations=id[,id[,id...]]" unless params["relations"]
 
     ids = params["relations"].split(",").collect(&:to_i)
@@ -148,6 +151,8 @@ class RelationsController < ApplicationController
     relations_for_object("Relation")
   end
 
+  private
+
   def relations_for_object(objtype)
     relationids = RelationMember.where(:member_type => objtype, :member_id => params[:id]).collect(&:relation_id).uniq