skip_before_filter :verify_authenticity_token
before_filter :check_api_readable, :except => [:capabilities]
+ before_filter :setup_user_auth, :only => [:permissions]
after_filter :compress_output
around_filter :api_call_handle_error, :api_call_timeout
render :text => doc.to_s, :content_type => "text/xml"
end
+
+ # External apps that use the api are able to query which permissions
+ # they have. This currently returns a list of permissions granted to the current user:
+ # * if authenticated via OAuth, this list will contain all permissions granted by the user to the access_token.
+ # * if authenticated via basic auth all permissions are granted, so the list will contain all permissions.
+ # * unauthenticated users have no permissions, so the list will be empty.
+ def permissions
+ @permissions = case
+ when current_token.present?
+ ClientApplication.all_permissions.select { |p| current_token.read_attribute(p) }
+ when @user
+ ClientApplication.all_permissions
+ else
+ []
+ end
+ end
end
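Review bot: The branch order in `permissions` is security-relevant but undocumented: if an OAuth request also populates `@user` through `setup_user_auth` (not visible here, but likely), the `current_token.present?` branch must stay first, or a token-scoped client would be reported as holding every permission. Add a comment above `when current_token.present?`, such as `# token check first: an OAuth request may also set @user, and falling through would report all permissions`. The header comment could also state that `@user` is whatever `setup_user_auth` leaves behind and is expected to be nil when basic-auth credentials are rejected, since the "all permissions" branch relies entirely on that filter's behaviour. Mixing `current_token` (a method) with `@user` (an ivar) in the same `case` is also worth a note on why, if the controller has no accessor for the user.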
--- /dev/null
+# create list of permissions
+xml.instruct! :xml, :version=>"1.0"
+xml.osm("version" => "#{API_VERSION}", "generator" => "OpenStreetMap Server") do
+ xml.permissions do
+ @permissions.each do |permission|
+ xml.permission :name => permission
+ end
+ end
+end
# API
match 'api/capabilities' => 'api#capabilities', :via => :get
match 'api/0.6/capabilities' => 'api#capabilities', :via => :get
+ match 'api/0.6/permissions' => 'api#permissions', :via => :get
match 'api/0.6/changeset/create' => 'changeset#create', :via => :put
match 'api/0.6/changeset/:id/upload' => 'changeset#upload', :via => :post, :id => /\d+/
end
end
end
+
+ def test_permissions_anonymous
+ get :permissions
+ assert_response :success
+ assert_select "osm > permissions", :count => 1 do
+ assert_select "permission", :count => 0
+ end
+ end
+
+ def test_permissions_basic_auth
+ basic_authorization(users(:normal_user).email, "test")
+ get :permissions
+ assert_response :success
+ assert_select "osm > permissions", :count => 1 do
+ assert_select "permission", :count => ClientApplication.all_permissions.size
+ ClientApplication.all_permissions.each do |p|
+ assert_select "permission[name=#{p}]", :count => 1
+ end
+ end
+ end
+
+ def test_permissions_oauth
+ @request.env["oauth.token"] = AccessToken.new do |token|
+ # Just to test a few
+ token.allow_read_prefs = true
+ token.allow_write_api = true
+ token.allow_read_gpx = false
+ end
+ get :permissions
+ assert_response :success
+ assert_select "osm > permissions", :count => 1 do
+ assert_select "permission", :count => 2
+ assert_select "permission[name=allow_read_prefs]", :count => 1
+ assert_select "permission[name=allow_write_api]", :count => 1
+ assert_select "permission[name=allow_read_gpx]", :count => 0
+ end
+ end
end
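Review bot: The three tests cover only the accepting path of each auth mode; there is no negative basic-auth case, so a regression in which `setup_user_auth` sets `@user` despite a rejected password would still pass and the endpoint would report every permission. Add a test next to `test_permissions_basic_auth` that authorizes with a wrong password and asserts an empty `permissions` element (the status the filter returns on a rejected password is not visible here, so the `assert_response` below is a guess to confirm). The OAuth test builds a bare `AccessToken` with no user or client application; if `setup_user_auth` also checks whether the token was authorized or invalidated, a second test with such a token asserting an empty list would pin that path too.

```ruby
def test_permissions_basic_auth_wrong_password
  basic_authorization(users(:normal_user).email, "wrong")
  get :permissions
  assert_response :success # confirm: may be :unauthorized depending on setup_user_auth
  assert_select "osm > permissions", :count => 1 do
    assert_select "permission", :count => 0
  end
end
```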