X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/9186a6155c4a9bbfd60eddd50f3eb63db78fd07e..b38343e5bd95230c6bb2159700102dbca247fa03:/app/controllers/api/old_controller.rb

diff --git a/app/controllers/api/old_controller.rb b/app/controllers/api/old_controller.rb
new file mode 100644
index 000000000..9a86bded5
--- /dev/null
+++ b/app/controllers/api/old_controller.rb
@@ -0,0 +1,79 @@
+# this class pulls together the logic for all the old_* controllers
+# into one place. as it turns out, the API methods for historical
+# nodes, ways and relations are basically identical.
+module Api
+  class OldController < ApplicationController
+    require "xml/libxml"
+
+    skip_before_action :verify_authenticity_token
+    before_action :setup_user_auth, :only => [:history, :version]
+    before_action :api_deny_access_handler
+    before_action :authorize, :only => [:redact]
+
+    authorize_resource
+
+    before_action :check_api_readable
+    before_action :check_api_writable, :only => [:redact]
+    around_action :api_call_handle_error, :api_call_timeout
+    before_action :lookup_old_element, :except => [:history]
+    before_action :lookup_old_element_versions, :only => [:history]
+
+    def history
+      # the .where() method used in the lookup_old_element_versions
+      # call won't throw an error if no records are found, so we have
+      # to do that ourselves.
+      raise OSM::APINotFoundError if @elements.empty?
+
+      doc = OSM::API.new.get_xml_doc
+
+      visible_elements = if show_redactions?
+                           @elements
+                         else
+                           @elements.unredacted
+                         end
+
+      visible_elements.each do |element|
+        doc.root << element.to_xml_node
+      end
+
+      render :xml => doc.to_s
+    end
+
+    def version
+      if @old_element.redacted? && !show_redactions?
+        head :forbidden
+
+      else
+        response.last_modified = @old_element.timestamp
+
+        doc = OSM::API.new.get_xml_doc
+        doc.root << @old_element.to_xml_node
+
+        render :xml => doc.to_s
+      end
+    end
+
+    def redact
+      redaction_id = params["redaction"]
+      if redaction_id.nil?
+        # if no redaction ID was provided, then this is an unredact
+        # operation.
+        @old_element.redact!(nil)
+      else
+        # if a redaction ID was specified, then set this element to
+        # be redacted in that redaction.
+        redaction = Redaction.find(redaction_id.to_i)
+        @old_element.redact!(redaction)
+      end
+
+      # just return an empty 200 OK for success
+      head :ok
+    end
+
+    private
+
+    def show_redactions?
+      current_user&.moderator? && params[:show_redactions] == "true"
+    end
+  end
+end