From: Andy Allan <git@gravitystorm.co.uk>
Date: Sat, 23 Feb 2019 13:36:02 +0000 (+0100)
Subject: Move the capabilities call out of api_controller
X-Git-Tag: live~2662^2~5
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/6a4092bc1678bd6bf4cd96243466e69c3e3995bb

Move the capabilities call out of api_controller
---

diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb
index 4127c0de7..f28acd5c3 100644
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -4,9 +4,10 @@ class Ability
   include CanCan::Ability
 
   def initialize(user)
-    can [:trackpoints, :map, :changes, :capabilities, :permissions], :api
+    can [:trackpoints, :map, :changes, :permissions], :api
     can [:relation, :relation_history, :way, :way_history, :node, :node_history,
          :changeset, :note, :new_note, :query], :browse
+    can :show, :capability
     can [:index, :feed, :show, :download, :query], Changeset
     can :index, ChangesetComment
     can :search, :direction
diff --git a/app/controllers/api/capabilities_controller.rb b/app/controllers/api/capabilities_controller.rb
new file mode 100644
index 000000000..8337bc809
--- /dev/null
+++ b/app/controllers/api/capabilities_controller.rb
@@ -0,0 +1,21 @@
+module Api
+  class CapabilitiesController < ApplicationController
+    skip_before_action :verify_authenticity_token
+    before_action :api_deny_access_handler
+
+    authorize_resource :class => false
+
+    around_action :api_call_handle_error, :api_call_timeout
+
+    # External apps that use the api are able to query the api to find out some
+    # parameters of the API. It currently returns:
+    # * minimum and maximum API versions that can be used.
+    # * maximum area that can be requested in a bbox request in square degrees
+    # * number of tracepoints that are returned in each tracepoints page
+    def show
+      @database_status = database_status
+      @api_status = api_status
+      @gpx_status = gpx_status
+    end
+  end
+end
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 3273665d2..2e1a07c3c 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -4,7 +4,7 @@ class ApiController < ApplicationController
 
   authorize_resource :class => false
 
-  before_action :check_api_readable, :except => [:capabilities]
+  before_action :check_api_readable
   before_action :setup_user_auth, :only => [:permissions]
   around_action :api_call_handle_error, :api_call_timeout
 
@@ -251,17 +251,6 @@ class ApiController < ApplicationController
     end
   end
 
-  # External apps that use the api are able to query the api to find out some
-  # parameters of the API. It currently returns:
-  # * minimum and maximum API versions that can be used.
-  # * maximum area that can be requested in a bbox request in square degrees
-  # * number of tracepoints that are returned in each tracepoints page
-  def capabilities
-    @database_status = database_status
-    @api_status = api_status
-    @gpx_status = gpx_status
-  end
-
   # External apps that use the api are able to query which permissions
   # they have. This currently returns a list of permissions granted to the current user:
   # * if authenticated via OAuth, this list will contain all permissions granted by the user to the access_token.
diff --git a/app/views/api/capabilities.builder b/app/views/api/capabilities/show.builder
similarity index 100%
rename from app/views/api/capabilities.builder
rename to app/views/api/capabilities/show.builder
diff --git a/config/routes.rb b/config/routes.rb
index b0fe5e48e..32e6f7367 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,9 +1,11 @@
 OpenStreetMap::Application.routes.draw do
   # API
-  get "api/capabilities" => "api#capabilities"
+  namespace :api do
+    get "capabilities" => "capabilities#show"
+  end
 
   scope "api/0.6" do
-    get "capabilities" => "api#capabilities"
+    get "capabilities" => "api/capabilities#show"
     get "permissions" => "api#permissions"
 
     put "changeset/create" => "changesets#create"
diff --git a/test/controllers/api/capabilities_test.rb b/test/controllers/api/capabilities_test.rb
new file mode 100644
index 000000000..127201f9c
--- /dev/null
+++ b/test/controllers/api/capabilities_test.rb
@@ -0,0 +1,35 @@
+require "test_helper"
+
+module Api
+  class CapabilitiesControllerTest < ActionController::TestCase
+    ##
+    # test all routes which lead to this controller
+    def test_routes
+      assert_routing(
+        { :path => "/api/capabilities", :method => :get },
+        { :controller => "api/capabilities", :action => "show" }
+      )
+      assert_recognizes(
+        { :controller => "api/capabilities", :action => "show" },
+        { :path => "/api/0.6/capabilities", :method => :get }
+      )
+    end
+
+    def test_capabilities
+      get :show
+      assert_response :success
+      assert_select "osm[version='#{API_VERSION}'][generator='#{GENERATOR}']", :count => 1 do
+        assert_select "api", :count => 1 do
+          assert_select "version[minimum='#{API_VERSION}'][maximum='#{API_VERSION}']", :count => 1
+          assert_select "area[maximum='#{MAX_REQUEST_AREA}']", :count => 1
+          assert_select "note_area[maximum='#{MAX_NOTE_REQUEST_AREA}']", :count => 1
+          assert_select "tracepoints[per_page='#{TRACEPOINTS_PER_PAGE}']", :count => 1
+          assert_select "changesets[maximum_elements='#{Changeset::MAX_ELEMENTS}']", :count => 1
+          assert_select "status[database='online']", :count => 1
+          assert_select "status[api='online']", :count => 1
+          assert_select "status[gpx='online']", :count => 1
+        end
+      end
+    end
+  end
+end
diff --git a/test/controllers/api_controller_test.rb b/test/controllers/api_controller_test.rb
index cdc20a1aa..cb759ec14 100644
--- a/test/controllers/api_controller_test.rb
+++ b/test/controllers/api_controller_test.rb
@@ -18,14 +18,6 @@ class ApiControllerTest < ActionController::TestCase
   ##
   # test all routes which lead to this controller
   def test_routes
-    assert_routing(
-      { :path => "/api/capabilities", :method => :get },
-      { :controller => "api", :action => "capabilities" }
-    )
-    assert_recognizes(
-      { :controller => "api", :action => "capabilities" },
-      { :path => "/api/0.6/capabilities", :method => :get }
-    )
     assert_routing(
       { :path => "/api/0.6/permissions", :method => :get },
       { :controller => "api", :action => "permissions" }
@@ -379,23 +371,6 @@ class ApiControllerTest < ActionController::TestCase
     assert_response :success
   end
 
-  def test_capabilities
-    get :capabilities
-    assert_response :success
-    assert_select "osm[version='#{API_VERSION}'][generator='#{GENERATOR}']", :count => 1 do
-      assert_select "api", :count => 1 do
-        assert_select "version[minimum='#{API_VERSION}'][maximum='#{API_VERSION}']", :count => 1
-        assert_select "area[maximum='#{MAX_REQUEST_AREA}']", :count => 1
-        assert_select "note_area[maximum='#{MAX_NOTE_REQUEST_AREA}']", :count => 1
-        assert_select "tracepoints[per_page='#{TRACEPOINTS_PER_PAGE}']", :count => 1
-        assert_select "changesets[maximum_elements='#{Changeset::MAX_ELEMENTS}']", :count => 1
-        assert_select "status[database='online']", :count => 1
-        assert_select "status[api='online']", :count => 1
-        assert_select "status[gpx='online']", :count => 1
-      end
-    end
-  end
-
   def test_permissions_anonymous
     get :permissions
     assert_response :success