Move check_api_readable to api_controller

It's easier to skip the check in the two places that we need to, and
include it by default everywhere else.

app/controllers/api/capabilities_controller.rb

@@ -1,5 +1,7 @@
 module Api
  class CapabilitiesController < ApiController
+ skip_before_action :check_api_readable
+
  authorize_resource :class => false
 
  before_action :set_request_formats

app/controllers/api/changeset_comments_controller.rb

@@ -1,6 +1,5 @@
 module Api
  class ChangesetCommentsController < ApiController
- before_action :check_api_readable
  before_action :check_api_writable
  before_action :authorize
 

app/controllers/api/changesets_controller.rb

@@ -2,7 +2,6 @@
 
 module Api
  class ChangesetsController < ApiController
- before_action :check_api_readable
  before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe]
  before_action :setup_user_auth, :only => [:show]
  before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]

app/controllers/api/map_controller.rb

@@ -1,7 +1,5 @@
 module Api
  class MapController < ApiController
- before_action :check_api_readable
-
  authorize_resource :class => false
 
  around_action :api_call_handle_error, :api_call_timeout

app/controllers/api/nodes_controller.rb

@@ -2,7 +2,6 @@
 
 module Api
  class NodesController < ApiController
- before_action :check_api_readable
  before_action :check_api_writable, :only => [:create, :update, :delete]
  before_action :authorize, :only => [:create, :update, :delete]
 

app/controllers/api/notes_controller.rb

@@ -1,6 +1,5 @@
 module Api
  class NotesController < ApiController
- before_action :check_api_readable
  before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
  before_action :setup_user_auth, :only => [:create, :show]
  before_action :authorize, :only => [:close, :reopen, :destroy, :comment]

app/controllers/api/old_elements_controller.rb

@@ -3,7 +3,6 @@
 # nodes, ways and relations are basically identical.
 module Api
  class OldElementsController < ApiController
- before_action :check_api_readable
  before_action :check_api_writable, :only => [:redact]
  before_action :setup_user_auth, :only => [:history, :show]
  before_action :authorize, :only => [:redact]

app/controllers/api/permissions_controller.rb

@@ -1,7 +1,5 @@
 module Api
  class PermissionsController < ApiController
- before_action :check_api_readable
-
  authorize_resource :class => false
 
  before_action :setup_user_auth

app/controllers/api/relations_controller.rb

@@ -1,6 +1,5 @@
 module Api
  class RelationsController < ApiController
- before_action :check_api_readable
  before_action :check_api_writable, :only => [:create, :update, :delete]
  before_action :authorize, :only => [:create, :update, :delete]
 

app/controllers/api/tracepoints_controller.rb

@@ -1,7 +1,5 @@
 module Api
  class TracepointsController < ApiController
- before_action :check_api_readable
-
  authorize_resource
 
  around_action :api_call_handle_error, :api_call_timeout

app/controllers/api/traces_controller.rb

@@ -1,6 +1,5 @@
 module Api
  class TracesController < ApiController
- before_action :check_api_readable
  before_action :check_api_writable, :only => [:create, :update, :destroy]
  before_action :set_locale
  before_action :authorize

app/controllers/api/user_blocks_controller.rb

@@ -1,7 +1,5 @@
 module Api
  class UserBlocksController < ApiController
- before_action :check_api_readable
-
  authorize_resource
 
  around_action :api_call_handle_error, :api_call_timeout

app/controllers/api/user_preferences_controller.rb

@@ -1,7 +1,6 @@
 # Update and read user preferences, which are arbitrary key/val pairs
 module Api
  class UserPreferencesController < ApiController
- before_action :check_api_readable
  before_action :check_api_writable, :only => [:update_all, :update, :destroy]
  before_action :authorize
 

app/controllers/api/users_controller.rb

@@ -1,6 +1,5 @@
 module Api
  class UsersController < ApiController
- before_action :check_api_readable
  before_action :disable_terms_redirect, :only => [:details]
  before_action :setup_user_auth, :only => [:show, :index]
  before_action :authorize, :only => [:details, :gpx_files]

app/controllers/api/versions_controller.rb

@@ -1,5 +1,6 @@
 module Api
  class VersionsController < ApiController
+ skip_before_action :check_api_readable
  authorize_resource :class => false
 
  before_action :set_request_formats

app/controllers/api/ways_controller.rb

@@ -1,6 +1,5 @@
 module Api
  class WaysController < ApiController
- before_action :check_api_readable
  before_action :check_api_writable, :only => [:create, :update, :delete]
  before_action :authorize, :only => [:create, :update, :delete]
 

app/controllers/api_controller.rb

@@ -1,6 +1,8 @@
 class ApiController < ApplicationController
  skip_before_action :verify_authenticity_token
 
+ before_action :check_api_readable
+
  private
 
  ##