From: Matt Amos Date: Mon, 12 Oct 2009 10:12:12 +0000 (+0000) Subject: Added a :display_name option for the changesets query code. X-Git-Tag: live~6547 X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/16b79f9964bc615c054c69e4429e528fc0aafd50 Added a :display_name option for the changesets query code. --- diff --git a/app/controllers/changeset_controller.rb b/app/controllers/changeset_controller.rb index c67f4abd5..7573a1803 100644 --- a/app/controllers/changeset_controller.rb +++ b/app/controllers/changeset_controller.rb @@ -206,7 +206,7 @@ class ChangesetController < ApplicationController # create the conditions that the user asked for. some or all of # these may be nil. conditions = conditions_bbox(params['bbox']) - conditions = cond_merge conditions, conditions_user(params['user']) + conditions = cond_merge conditions, conditions_user(params['user'], params['display_name']) conditions = cond_merge conditions, conditions_time(params['time']) conditions = cond_merge conditions, conditions_open(params['open']) conditions = cond_merge conditions, conditions_closed(params['closed']) @@ -352,12 +352,23 @@ private ## # restrict changesets to those by a particular user - def conditions_user(user) - unless user.nil? - # user input checking, we don't have any UIDs < 1 - raise OSM::APIBadUserInput.new("invalid user ID") if user.to_i < 1 + def conditions_user(user, name) + unless user.nil? and name.nil? + # shouldn't provide both name and UID + raise OSM::APIBadUserInput.new("provide either the user ID or display name, but not both") if user and name + + # use either the name or the UID to find the user which we're selecting on. + u = if name.nil? + # user input checking, we don't have any UIDs < 1 + raise OSM::APIBadUserInput.new("invalid user ID") if user.to_i < 1 + u = User.find(user.to_i) + else + u = User.find_by_display_name(name) + end + + # make sure we found a user + raise OSM::APINotFoundError.new if u.nil? - u = User.find(user.to_i) # should be able to get changesets of public users only, or # our own changesets regardless of public-ness. unless u.data_public? diff --git a/test/functional/changeset_controller_test.rb b/test/functional/changeset_controller_test.rb index b02f556c9..76ec0866a 100644 --- a/test/functional/changeset_controller_test.rb +++ b/test/functional/changeset_controller_test.rb @@ -1337,16 +1337,32 @@ EOF assert_response :success, "can't get changesets in bbox" assert_changesets [1] + # not found when looking for changesets of non-existing users + get :query, :user => User.maximum(:id) + 1 + assert_response :not_found + get :query, :display_name => " " + assert_response :not_found + # can't get changesets of user 1 without authenticating get :query, :user => users(:normal_user).id - assert_response :not_found, "shouldn't be able to get changesets by non-public user" + assert_response :not_found, "shouldn't be able to get changesets by non-public user (ID)" + get :query, :display_name => users(:normal_user).display_name + assert_response :not_found, "shouldn't be able to get changesets by non-public user (name)" # but this should work basic_authorization "test@openstreetmap.org", "test" get :query, :user => users(:normal_user).id - assert_response :success, "can't get changesets by user" + assert_response :success, "can't get changesets by user ID" assert_changesets [1,3,6] + get :query, :display_name => users(:normal_user).display_name + assert_response :success, "can't get changesets by user name" + assert_changesets [1,3,6] + + # check that the correct error is given when we provide both UID and name + get :query, :user => users(:normal_user).id, :display_name => users(:normal_user).display_name + assert_response :bad_request, "should be a bad request to have both ID and name specified" + get :query, :user => users(:normal_user).id, :open => true assert_response :success, "can't get changesets by user and open" assert_changesets [1]