From 4eafa04ff8059f475ebfbec2cedeeee1773a9c8b Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Thu, 16 Apr 2009 21:50:20 +0000
Subject: [PATCH] Reject uploads unless the user has made their edits pubic.
---
 app/controllers/application.rb | 8 ++++++++
 app/controllers/changeset_controller.rb | 1 +
 app/controllers/node_controller.rb | 1 +
 app/controllers/relation_controller.rb | 1 +
 app/controllers/way_controller.rb | 1 +
 5 files changed, 12 insertions(+)
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 21f691bb3..bfd2e9c54 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -82,6 +82,14 @@ class ApplicationController < ActionController::Base
 end
 end
+ def require_public_data
+ unless @user.data_public?
+ response.headers['Error'] = "You must make your edits public to upload new data"
+ render :nothing => true, :status => :forbidden
+ return false
+ end
+ end
+
 # Report and error to the user
 # (If anyone ever fixes Rails so it can set a http status "reason phrase",
 # rather than only a status code and having the web engine make up a
diff --git a/app/controllers/changeset_controller.rb b/app/controllers/changeset_controller.rb
index a363a26e1..4913a600e 100644
--- a/app/controllers/changeset_controller.rb
+++ b/app/controllers/changeset_controller.rb
@@ -7,6 +7,7 @@ class ChangesetController < ApplicationController
 session :off, :except => [:list, :list_user, :list_bbox]
 before_filter :authorize_web, :only => [:list, :list_user, :list_bbox]
 before_filter :authorize, :only => [:create, :update, :delete, :upload, :include, :close]
+ before_filter :require_public_data, :only => [:create, :update, :delete, :upload, :include, :close]
 before_filter :check_api_writable, :only => [:create, :update, :delete, :upload, :include]
 before_filter :check_api_readable, :except => [:create, :update, :delete, :upload, :download, :query]
 after_filter :compress_output
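Review bot: `unless @user.data_public?` in `require_public_data` dereferences `@user` with no nil guard, so the filter only denies correctly when an earlier filter has already set `@user` and halted unauthenticated requests. In the controllers changed by this commit it is registered directly after `authorize`, which presumably does that, but nothing in the method enforces the ordering, and a nil `@user` would surface as a NoMethodError rather than a 403. Failing closed is cheap here: `unless @user && @user.data_public?`. A one-line comment above the method would also help, e.g. `# Before-filter: respond 403 unless the authenticated user has made their edits public; register after authorize.`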
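Review bot: The `:only` list on the new `before_filter :require_public_data` line is a hand-copied duplicate of the `authorize` list above it, so the public-data check is opt-in per action and an action added to one list but not the other would skip it silently; the node, relation and way controller hunks repeat the same pattern. Here the list also includes `:close`, which the `check_api_writable` line below omits, so it is worth confirming that closing a changeset is meant to be refused for these users. Write endpoints in controllers this commit does not touch are not visible from the diff and would need the same filter if they exist. A comment such as `# every action that writes map data must appear in both the authorize and require_public_data lists` would make the coupling explicit.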
diff --git a/app/controllers/node_controller.rb b/app/controllers/node_controller.rb
index 80a3b30d5..6e96d31ca 100644
--- a/app/controllers/node_controller.rb
+++ b/app/controllers/node_controller.rb
@@ -5,6 +5,7 @@ class NodeController < ApplicationController
 session :off
 before_filter :authorize, :only => [:create, :update, :delete]
+ before_filter :require_public_data, :only => [:create, :update, :delete]
 before_filter :check_api_writable, :only => [:create, :update, :delete]
 before_filter :check_api_readable, :except => [:create, :update, :delete]
 after_filter :compress_output
diff --git a/app/controllers/relation_controller.rb b/app/controllers/relation_controller.rb
index 3d3fa2185..a249e42a0 100644
--- a/app/controllers/relation_controller.rb
+++ b/app/controllers/relation_controller.rb
@@ -3,6 +3,7 @@ class RelationController < ApplicationController
 session :off
 before_filter :authorize, :only => [:create, :update, :delete]
+ before_filter :require_public_data, :only => [:create, :update, :delete]
 before_filter :check_api_writable, :only => [:create, :update, :delete]
 before_filter :check_api_readable, :except => [:create, :update, :delete]
 after_filter :compress_output
diff --git a/app/controllers/way_controller.rb b/app/controllers/way_controller.rb
index e28945dcd..ab83d4ec3 100644
--- a/app/controllers/way_controller.rb
+++ b/app/controllers/way_controller.rb
@@ -3,6 +3,7 @@ class WayController < ApplicationController
 session :off
 before_filter :authorize, :only => [:create, :update, :delete]
+ before_filter :require_public_data, :only => [:create, :update, :delete]
 before_filter :check_api_writable, :only => [:create, :update, :delete]
 before_filter :check_api_readable, :except => [:create, :update, :delete]
 after_filter :compress_output
-- 
2.43.2