From 618908319ca4cc33f4e14c2caba245cd7076829a Mon Sep 17 00:00:00 2001 From: Christopher Schmidt Date: Sun, 11 May 2008 21:49:33 +0000 Subject: [PATCH] prevent update of any object without providing the correct/current version as part of the XML. This affects update-only at this time: DELETE doesn't work the same way because we don't provide the data as part of a DELETE --- app/controllers/node_controller.rb | 4 ++++ app/controllers/relation_controller.rb | 4 ++++ app/controllers/way_controller.rb | 5 +++++ 3 files changed, 13 insertions(+) diff --git a/app/controllers/node_controller.rb b/app/controllers/node_controller.rb index 956a8b8d9..fa6759c3b 100644 --- a/app/controllers/node_controller.rb +++ b/app/controllers/node_controller.rb @@ -49,6 +49,10 @@ class NodeController < ApplicationController begin node = Node.find(params[:id]) new_node = Node.from_xml(request.raw_post) + if new_node.version != node.version + render :text => "Version mismatch: Provided " + new_node.version.to_s + ", server had: " + node.version.to_s, :status => :bad_request + return + end if new_node and new_node.id == node.id node.update_from(new_node, @user) diff --git a/app/controllers/relation_controller.rb b/app/controllers/relation_controller.rb index 20f5372a6..d7b9de13c 100644 --- a/app/controllers/relation_controller.rb +++ b/app/controllers/relation_controller.rb @@ -49,6 +49,10 @@ class RelationController < ApplicationController begin relation = Relation.find(params[:id]) new_relation = Relation.from_xml(request.raw_post) + if new_relation.version != relation.version + render :text => "Version mismatch: Provided " + new_relation.version.to_s + ", server had: " + relation.version.to_s, :status => :bad_request + return + end if new_relation and new_relation.id == relation.id relation.update_from new_relation, user diff --git a/app/controllers/way_controller.rb b/app/controllers/way_controller.rb index 94a10d424..d3a1b039f 100644 --- a/app/controllers/way_controller.rb +++ b/app/controllers/way_controller.rb @@ -49,6 +49,11 @@ class WayController < ApplicationController begin way = Way.find(params[:id]) new_way = Way.from_xml(request.raw_post) + if new_way.version != way.version + render :text => "Version mismatch: Provided " + new_way.version.to_s + ", server had: " + way.version.to_s, :status => :bad_request + return + end + if new_way and new_way.id == way.id way.update_from(new_way, @user) -- 2.43.2