From 3bb07e29ec7c178757f3c94eea84935a554d812d Mon Sep 17 00:00:00 2001 From: Andy Allan Date: Wed, 20 Mar 2019 14:16:15 +0100 Subject: [PATCH] Refactor api controllers to inherit from a common ApiController --- app/controllers/api/amf_controller.rb | 3 +-- app/controllers/api/capabilities_controller.rb | 3 +-- app/controllers/api/changes_controller.rb | 3 +-- app/controllers/api/changeset_comments_controller.rb | 3 +-- app/controllers/api/changesets_controller.rb | 3 +-- app/controllers/api/map_controller.rb | 3 +-- app/controllers/api/nodes_controller.rb | 3 +-- app/controllers/api/notes_controller.rb | 3 +-- app/controllers/api/old_controller.rb | 3 +-- app/controllers/api/permissions_controller.rb | 3 +-- app/controllers/api/relations_controller.rb | 3 +-- app/controllers/api/search_controller.rb | 3 +-- app/controllers/api/swf_controller.rb | 3 +-- app/controllers/api/tracepoints_controller.rb | 3 +-- app/controllers/api/traces_controller.rb | 3 +-- app/controllers/api/user_preferences_controller.rb | 3 +-- app/controllers/api/users_controller.rb | 3 +-- app/controllers/api/ways_controller.rb | 3 +-- app/controllers/api_controller.rb | 3 +++ 19 files changed, 21 insertions(+), 36 deletions(-) create mode 100644 app/controllers/api_controller.rb diff --git a/app/controllers/api/amf_controller.rb b/app/controllers/api/amf_controller.rb index 509cf1d77..0cf511d76 100644 --- a/app/controllers/api/amf_controller.rb +++ b/app/controllers/api/amf_controller.rb @@ -36,10 +36,9 @@ # * version conflict when POIs and ways are reverted module Api - class AmfController < ApplicationController + class AmfController < ApiController include Potlatch - skip_before_action :verify_authenticity_token before_action :check_api_writable # AMF Controller implements its own authentication and authorization checks diff --git a/app/controllers/api/capabilities_controller.rb b/app/controllers/api/capabilities_controller.rb index 8337bc809..68968d107 100644 --- a/app/controllers/api/capabilities_controller.rb +++ b/app/controllers/api/capabilities_controller.rb @@ -1,6 +1,5 @@ module Api - class CapabilitiesController < ApplicationController - skip_before_action :verify_authenticity_token + class CapabilitiesController < ApiController before_action :api_deny_access_handler authorize_resource :class => false diff --git a/app/controllers/api/changes_controller.rb b/app/controllers/api/changes_controller.rb index c9195e1d9..97ddc1763 100644 --- a/app/controllers/api/changes_controller.rb +++ b/app/controllers/api/changes_controller.rb @@ -1,6 +1,5 @@ module Api - class ChangesController < ApplicationController - skip_before_action :verify_authenticity_token + class ChangesController < ApiController before_action :api_deny_access_handler authorize_resource :class => false diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb index 0bebce433..db90dcbe3 100644 --- a/app/controllers/api/changeset_comments_controller.rb +++ b/app/controllers/api/changeset_comments_controller.rb @@ -1,6 +1,5 @@ module Api - class ChangesetCommentsController < ApplicationController - skip_before_action :verify_authenticity_token + class ChangesetCommentsController < ApiController before_action :authorize before_action :api_deny_access_handler diff --git a/app/controllers/api/changesets_controller.rb b/app/controllers/api/changesets_controller.rb index dd43f7ed0..0f016c902 100644 --- a/app/controllers/api/changesets_controller.rb +++ b/app/controllers/api/changesets_controller.rb @@ -1,11 +1,10 @@ # The ChangesetController is the RESTful interface to Changeset objects module Api - class ChangesetsController < ApplicationController + class ChangesetsController < ApiController layout "site" require "xml/libxml" - skip_before_action :verify_authenticity_token before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] before_action :api_deny_access_handler, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox] diff --git a/app/controllers/api/map_controller.rb b/app/controllers/api/map_controller.rb index e8d36c8ec..107366071 100644 --- a/app/controllers/api/map_controller.rb +++ b/app/controllers/api/map_controller.rb @@ -1,6 +1,5 @@ module Api - class MapController < ApplicationController - skip_before_action :verify_authenticity_token + class MapController < ApiController before_action :api_deny_access_handler authorize_resource :class => false diff --git a/app/controllers/api/nodes_controller.rb b/app/controllers/api/nodes_controller.rb index 4e46b38d5..d081b28bb 100644 --- a/app/controllers/api/nodes_controller.rb +++ b/app/controllers/api/nodes_controller.rb @@ -1,10 +1,9 @@ # The NodeController is the RESTful interface to Node objects module Api - class NodesController < ApplicationController + class NodesController < ApiController require "xml/libxml" - skip_before_action :verify_authenticity_token before_action :authorize, :only => [:create, :update, :delete] before_action :api_deny_access_handler diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb index 686e76b14..92b68bd46 100644 --- a/app/controllers/api/notes_controller.rb +++ b/app/controllers/api/notes_controller.rb @@ -1,8 +1,7 @@ module Api - class NotesController < ApplicationController + class NotesController < ApiController layout "site", :only => [:mine] - skip_before_action :verify_authenticity_token before_action :check_api_readable before_action :setup_user_auth, :only => [:create, :comment, :show] before_action :authorize, :only => [:close, :reopen, :destroy] diff --git a/app/controllers/api/old_controller.rb b/app/controllers/api/old_controller.rb index 9a86bded5..9d9f2fabc 100644 --- a/app/controllers/api/old_controller.rb +++ b/app/controllers/api/old_controller.rb @@ -2,10 +2,9 @@ # into one place. as it turns out, the API methods for historical # nodes, ways and relations are basically identical. module Api - class OldController < ApplicationController + class OldController < ApiController require "xml/libxml" - skip_before_action :verify_authenticity_token before_action :setup_user_auth, :only => [:history, :version] before_action :api_deny_access_handler before_action :authorize, :only => [:redact] diff --git a/app/controllers/api/permissions_controller.rb b/app/controllers/api/permissions_controller.rb index b24aca776..15f381267 100644 --- a/app/controllers/api/permissions_controller.rb +++ b/app/controllers/api/permissions_controller.rb @@ -1,6 +1,5 @@ module Api - class PermissionsController < ApplicationController - skip_before_action :verify_authenticity_token + class PermissionsController < ApiController before_action :api_deny_access_handler authorize_resource :class => false diff --git a/app/controllers/api/relations_controller.rb b/app/controllers/api/relations_controller.rb index a0740b382..6f52f2f94 100644 --- a/app/controllers/api/relations_controller.rb +++ b/app/controllers/api/relations_controller.rb @@ -1,8 +1,7 @@ module Api - class RelationsController < ApplicationController + class RelationsController < ApiController require "xml/libxml" - skip_before_action :verify_authenticity_token before_action :authorize, :only => [:create, :update, :delete] before_action :api_deny_access_handler diff --git a/app/controllers/api/search_controller.rb b/app/controllers/api/search_controller.rb index 0afbbf8e2..feb487ac0 100644 --- a/app/controllers/api/search_controller.rb +++ b/app/controllers/api/search_controller.rb @@ -1,9 +1,8 @@ module Api - class SearchController < ApplicationController + class SearchController < ApiController # Support searching for nodes, ways, or all # Can search by tag k, v, or both (type->k,value->v) # Can search by name (k=name,v=....) - skip_before_action :verify_authenticity_token authorize_resource :class => false def search_all diff --git a/app/controllers/api/swf_controller.rb b/app/controllers/api/swf_controller.rb index d48731b70..2f8a5392d 100644 --- a/app/controllers/api/swf_controller.rb +++ b/app/controllers/api/swf_controller.rb @@ -1,6 +1,5 @@ module Api - class SwfController < ApplicationController - skip_before_action :verify_authenticity_token + class SwfController < ApiController before_action :check_api_readable authorize_resource :class => false diff --git a/app/controllers/api/tracepoints_controller.rb b/app/controllers/api/tracepoints_controller.rb index c71b5a3e9..7799de266 100644 --- a/app/controllers/api/tracepoints_controller.rb +++ b/app/controllers/api/tracepoints_controller.rb @@ -1,6 +1,5 @@ module Api - class TracepointsController < ApplicationController - skip_before_action :verify_authenticity_token + class TracepointsController < ApiController before_action :api_deny_access_handler authorize_resource diff --git a/app/controllers/api/traces_controller.rb b/app/controllers/api/traces_controller.rb index d7f2f043a..88b6edc67 100644 --- a/app/controllers/api/traces_controller.rb +++ b/app/controllers/api/traces_controller.rb @@ -1,8 +1,7 @@ module Api - class TracesController < ApplicationController + class TracesController < ApiController layout "site", :except => :georss - skip_before_action :verify_authenticity_token before_action :authorize_web before_action :set_locale before_action :authorize diff --git a/app/controllers/api/user_preferences_controller.rb b/app/controllers/api/user_preferences_controller.rb index 82f6c6a4d..39e0dff30 100644 --- a/app/controllers/api/user_preferences_controller.rb +++ b/app/controllers/api/user_preferences_controller.rb @@ -1,7 +1,6 @@ # Update and read user preferences, which are arbitrayr key/val pairs module Api - class UserPreferencesController < ApplicationController - skip_before_action :verify_authenticity_token + class UserPreferencesController < ApiController before_action :authorize authorize_resource diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb index 70ad93f65..5c3a6cb8e 100644 --- a/app/controllers/api/users_controller.rb +++ b/app/controllers/api/users_controller.rb @@ -1,8 +1,7 @@ module Api - class UsersController < ApplicationController + class UsersController < ApiController layout "site", :except => [:api_details] - skip_before_action :verify_authenticity_token before_action :disable_terms_redirect, :only => [:api_details] before_action :authorize, :only => [:api_details, :api_gpx_files] before_action :api_deny_access_handler diff --git a/app/controllers/api/ways_controller.rb b/app/controllers/api/ways_controller.rb index 8684c5cfb..2de2d619b 100644 --- a/app/controllers/api/ways_controller.rb +++ b/app/controllers/api/ways_controller.rb @@ -1,8 +1,7 @@ module Api - class WaysController < ApplicationController + class WaysController < ApiController require "xml/libxml" - skip_before_action :verify_authenticity_token before_action :authorize, :only => [:create, :update, :delete] before_action :api_deny_access_handler diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb new file mode 100644 index 000000000..fb3717b2a --- /dev/null +++ b/app/controllers/api_controller.rb @@ -0,0 +1,3 @@ +class ApiController < ApplicationController + skip_before_action :verify_authenticity_token +end -- 2.43.2