X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/cf304fe60f05f48251a480d19ce3ea9440f8a10e..68044c60545093f813ab46611973f052b4584e9a:/app/controllers/user_preference_controller.rb diff --git a/app/controllers/user_preference_controller.rb b/app/controllers/user_preference_controller.rb index 559479929..377e78313 100644 --- a/app/controllers/user_preference_controller.rb +++ b/app/controllers/user_preference_controller.rb @@ -1,15 +1,16 @@ # Update and read user preferences, which are arbitrayr key/val pairs class UserPreferenceController < ApplicationController + skip_before_filter :verify_authenticity_token before_filter :authorize + before_filter :require_allow_read_prefs, :only => [:read_one, :read] + before_filter :require_allow_write_prefs, :except => [:read_one, :read] def read_one pref = UserPreference.find(@user.id, params[:preference_key]) - if pref - render :text => pref.v.to_s - else - render :text => 'OH NOES! PREF NOT FOUND!', :status => 404 - end + render :text => pref.v.to_s + rescue ActiveRecord::RecordNotFound => ex + render :text => 'OH NOES! PREF NOT FOUND!', :status => :not_found end def update_one @@ -32,6 +33,8 @@ class UserPreferenceController < ApplicationController UserPreference.delete(@user.id, params[:preference_key]) render :nothing => true + rescue ActiveRecord::RecordNotFound => ex + render :text => "param: #{params[:preference_key]} not found", :status => :not_found end # print out all the preferences as a big xml block @@ -53,48 +56,45 @@ class UserPreferenceController < ApplicationController # update the entire set of preferences def update begin - p = XML::Parser.new - p.string = request.raw_post - doc = p.parse - - prefs = [] - - keyhash = {} - - doc.find('//preferences/preference').each do |pt| - pref = UserPreference.new + p = XML::Parser.string(request.raw_post) + rescue LibXML::XML::Error, ArgumentError => ex + raise OSM::APIBadXMLError.new("preferences", xml, ex.message) + end + doc = p.parse - unless keyhash[pt['k']].nil? # already have that key - render :text => 'OH NOES! CAN HAS UNIQUE KEYS?', :status => :not_acceptable - return - end + prefs = [] - keyhash[pt['k']] = 1 + keyhash = {} - pref.k = pt['k'] - pref.v = pt['v'] - pref.user_id = @user.id - prefs << pref - end + doc.find('//preferences/preference').each do |pt| + pref = UserPreference.new - if prefs.size > 150 - render :text => 'Too many preferences', :status => :request_entity_too_large - return + unless keyhash[pt['k']].nil? # already have that key + render :text => 'OH NOES! CAN HAS UNIQUE KEYS?', :status => :not_acceptable end - # kill the existing ones - UserPreference.delete_all(['user_id = ?', @user.id]) + keyhash[pt['k']] = 1 - # save the new ones - prefs.each do |pref| - pref.save! - end + pref.k = pt['k'] + pref.v = pt['v'] + pref.user_id = @user.id + prefs << pref + end - rescue Exception => ex - render :text => 'OH NOES! FAIL!: ' + ex.to_s, :status => :internal_server_error - return + if prefs.size > 150 + render :text => 'Too many preferences', :status => :request_entity_too_large end + # kill the existing ones + UserPreference.delete_all(['user_id = ?', @user.id]) + + # save the new ones + prefs.each do |pref| + pref.save! + end render :nothing => true + + rescue Exception => ex + render :text => 'OH NOES! FAIL!: ' + ex.to_s, :status => :internal_server_error end end