From 1ffb5c1502d870a1d1c46648ea0c165e25dfbef9 Mon Sep 17 00:00:00 2001
From: Matt Amos <zerebubuth@gmail.com>
Date: Wed, 26 Nov 2008 12:56:42 +0000
Subject: [PATCH] Moved changeset consistency checks to library code.

---
 app/controllers/changeset_controller.rb | 27 +++++++++----------------
 lib/consistency_validations.rb          | 15 ++++++++++++++
 2 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/app/controllers/changeset_controller.rb b/app/controllers/changeset_controller.rb
index fad797cdc..58bcd1020 100644
--- a/app/controllers/changeset_controller.rb
+++ b/app/controllers/changeset_controller.rb
@@ -11,6 +11,9 @@ class ChangesetController < ApplicationController
   # Help methods for checking boundary sanity and area size
   include MapBoundary
 
+  # Helper methods for checking consistency
+  include ConsistencyValidations
+
   # Create a changeset from XML.
   def create
     if request.put?
@@ -46,12 +49,9 @@ class ChangesetController < ApplicationController
       return
     end
     
-    changeset = Changeset.find(params[:id])
-    
-    unless @user.id == changeset.user_id 
-      raise OSM::APIUserChangesetMismatchError 
-    end
-    
+    changeset = Changeset.find(params[:id])    
+    check_changeset_consistency(changeset, @user)
+
     # to close the changeset, we'll just set its closed_at time to
     # now. this might not be enough if there are concurrency issues, 
     # but we'll have to wait and see.
@@ -75,12 +75,7 @@ class ChangesetController < ApplicationController
     # idempotent, there is no "document" to PUT really...
     if request.post?
       cs = Changeset.find(params[:id])
-
-      # check user credentials - only the user who opened a changeset
-      # may alter it.
-      unless @user.id == cs.user_id 
-        raise OSM::APIUserChangesetMismatchError 
-      end
+      check_changeset_consistency(cs, @user)
 
       # keep an array of lons and lats
       lon = Array.new
@@ -142,12 +137,7 @@ class ChangesetController < ApplicationController
     end
 
     changeset = Changeset.find(params[:id])
-
-    # access control - only the user who created a changeset may
-    # upload to it.
-    unless @user.id == changeset.user_id 
-      raise OSM::APIUserChangesetMismatchError 
-    end
+    check_changeset_consistency(changeset, @user)
     
     diff_reader = DiffReader.new(request.raw_post, changeset)
     Changeset.transaction do
@@ -281,6 +271,7 @@ class ChangesetController < ApplicationController
     new_changeset = Changeset.from_xml(request.raw_post)
 
     unless new_changeset.nil?
+      check_changeset_consistency(changeset, @user)
       changeset.update_from(new_changeset, @user)
       render :text => changeset.to_xml, :mime_type => "text/xml"
     else
diff --git a/lib/consistency_validations.rb b/lib/consistency_validations.rb
index 46fb3c06e..4f3881542 100644
--- a/lib/consistency_validations.rb
+++ b/lib/consistency_validations.rb
@@ -27,4 +27,19 @@ module ConsistencyValidations
       raise OSM::APIChangesetAlreadyClosedError.new(new.changeset)
     end
   end
+
+  ##
+  # subset of consistency checks which should be applied to almost
+  # all the changeset controller's writable methods.
+  def check_changeset_consistency(changeset, user)
+    # check user credentials - only the user who opened a changeset
+    # may alter it.
+    if changeset.nil?
+      raise OSM::APIChangesetMissingError.new
+    elsif user.id != changeset.user_id 
+      raise OSM::APIUserChangesetMismatchError.new
+    elsif not changeset.is_open?
+      raise OSM::APIChangesetAlreadyClosedError.new(changeset)
+    end
+  end
 end
-- 
2.43.2