From c1cccd40fc6af6b9790c9902581cf2e49006c084 Mon Sep 17 00:00:00 2001
From: Andy Allan
Date: Wed, 29 May 2024 14:54:16 +0100
Subject: [PATCH] Move check_api_readable to api_controller

It's easier to skip the check in the two places that we need to, and include it by default everywhere else.
---
 app/controllers/api/capabilities_controller.rb | 2 ++
 app/controllers/api/changeset_comments_controller.rb | 1 -
 app/controllers/api/changesets_controller.rb | 1 -
 app/controllers/api/map_controller.rb | 2 --
 app/controllers/api/nodes_controller.rb | 1 -
 app/controllers/api/notes_controller.rb | 1 -
 app/controllers/api/old_elements_controller.rb | 1 -
 app/controllers/api/permissions_controller.rb | 2 --
 app/controllers/api/relations_controller.rb | 1 -
 app/controllers/api/tracepoints_controller.rb | 2 --
 app/controllers/api/traces_controller.rb | 1 -
 app/controllers/api/user_blocks_controller.rb | 2 --
 app/controllers/api/user_preferences_controller.rb | 1 -
 app/controllers/api/users_controller.rb | 1 -
 app/controllers/api/versions_controller.rb | 1 +
 app/controllers/api/ways_controller.rb | 1 -
 app/controllers/api_controller.rb | 2 ++
 17 files changed, 5 insertions(+), 18 deletions(-)

diff --git a/app/controllers/api/capabilities_controller.rb b/app/controllers/api/capabilities_controller.rb
index 80222c40bd..cbdcace0cd 100644
--- a/app/controllers/api/capabilities_controller.rb
+++ b/app/controllers/api/capabilities_controller.rb
@@ -1,5 +1,7 @@
 module Api
 class CapabilitiesController < ApiController
+ skip_before_action :check_api_readable
+
 authorize_resource :class => false
 before_action :set_request_formats
diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb
index c1980e80b3..4a96ec3bba 100644
--- a/app/controllers/api/changeset_comments_controller.rb
+++ b/app/controllers/api/changeset_comments_controller.rb
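Review bot: In capabilities_controller.rb the added `skip_before_action :check_api_readable` has no `:only` list and no comment, so any action this controller gains later will bypass the inherited read-status check without anyone deciding that it should. With the check now declared in ApiController, the opt-outs are the only place a reader can learn why an endpoint is exempt; I would put a line such as `# Exempt from check_api_readable: <reason this endpoint must answer while reads are disabled>` above the skip, and scope the skip with `:only` if the exemption is meant for specific actions. The same applies to the identical line added in versions_controller.rb, which by its hunk counts also lacks the blank line that follows the skip here. Both class bodies continue outside their hunks.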
@@ -1,6 +1,5 @@
 module Api
 class ChangesetCommentsController < ApiController
- before_action :check_api_readable
 before_action :check_api_writable
 before_action :authorize
diff --git a/app/controllers/api/changesets_controller.rb b/app/controllers/api/changesets_controller.rb
index 71ffc6d137..3d59eeb171 100644
--- a/app/controllers/api/changesets_controller.rb
+++ b/app/controllers/api/changesets_controller.rb
@@ -2,7 +2,6 @@
 module Api
 class ChangesetsController < ApiController
- before_action :check_api_readable
 before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe]
 before_action :setup_user_auth, :only => [:show]
 before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
diff --git a/app/controllers/api/map_controller.rb b/app/controllers/api/map_controller.rb
index 5a05f6de2b..6d4a9feb6c 100644
--- a/app/controllers/api/map_controller.rb
+++ b/app/controllers/api/map_controller.rb
@@ -1,7 +1,5 @@
 module Api
 class MapController < ApiController
- before_action :check_api_readable
-
 authorize_resource :class => false
 around_action :api_call_handle_error, :api_call_timeout
diff --git a/app/controllers/api/nodes_controller.rb b/app/controllers/api/nodes_controller.rb
index 1ccc2152d6..5aad78dbff 100644
--- a/app/controllers/api/nodes_controller.rb
+++ b/app/controllers/api/nodes_controller.rb
@@ -2,7 +2,6 @@
 module Api
 class NodesController < ApiController
- before_action :check_api_readable
 before_action :check_api_writable, :only => [:create, :update, :delete]
 before_action :authorize, :only => [:create, :update, :delete]
diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb
index 8a0a82c401..d53059a94e 100644
--- a/app/controllers/api/notes_controller.rb
+++ b/app/controllers/api/notes_controller.rb
@@ -1,6 +1,5 @@
 module Api
 class NotesController < ApiController
- before_action :check_api_readable
 before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
 before_action :setup_user_auth, :only => [:create, :show]
 before_action :authorize, :only => [:close, :reopen, :destroy, :comment]
diff --git a/app/controllers/api/old_elements_controller.rb b/app/controllers/api/old_elements_controller.rb
index 6a468a9006..2343252dbb 100644
--- a/app/controllers/api/old_elements_controller.rb
+++ b/app/controllers/api/old_elements_controller.rb
@@ -3,7 +3,6 @@
 # nodes, ways and relations are basically identical.
 module Api
 class OldElementsController < ApiController
- before_action :check_api_readable
 before_action :check_api_writable, :only => [:redact]
 before_action :setup_user_auth, :only => [:history, :show]
 before_action :authorize, :only => [:redact]
diff --git a/app/controllers/api/permissions_controller.rb b/app/controllers/api/permissions_controller.rb
index 8c0c949dc2..717bbfa6f7 100644
--- a/app/controllers/api/permissions_controller.rb
+++ b/app/controllers/api/permissions_controller.rb
@@ -1,7 +1,5 @@
 module Api
 class PermissionsController < ApiController
- before_action :check_api_readable
-
 authorize_resource :class => false
 before_action :setup_user_auth
diff --git a/app/controllers/api/relations_controller.rb b/app/controllers/api/relations_controller.rb
index 6cd3f4137d..5fb99dbd18 100644
--- a/app/controllers/api/relations_controller.rb
+++ b/app/controllers/api/relations_controller.rb
@@ -1,6 +1,5 @@
 module Api
 class RelationsController < ApiController
- before_action :check_api_readable
 before_action :check_api_writable, :only => [:create, :update, :delete]
 before_action :authorize, :only => [:create, :update, :delete]
diff --git a/app/controllers/api/tracepoints_controller.rb b/app/controllers/api/tracepoints_controller.rb
index f38351de96..d8d9da98b6 100644
--- a/app/controllers/api/tracepoints_controller.rb
+++ b/app/controllers/api/tracepoints_controller.rb
@@ -1,7 +1,5 @@
 module Api
 class TracepointsController < ApiController
- before_action :check_api_readable
-
 authorize_resource
 around_action :api_call_handle_error, :api_call_timeout
diff --git a/app/controllers/api/traces_controller.rb b/app/controllers/api/traces_controller.rb
index a510655ca3..738642fff7 100644
--- a/app/controllers/api/traces_controller.rb
+++ b/app/controllers/api/traces_controller.rb
@@ -1,6 +1,5 @@
 module Api
 class TracesController < ApiController
- before_action :check_api_readable
 before_action :check_api_writable, :only => [:create, :update, :destroy]
 before_action :set_locale
 before_action :authorize
diff --git a/app/controllers/api/user_blocks_controller.rb b/app/controllers/api/user_blocks_controller.rb
index 19fd4b400b..6c285e14a2 100644
--- a/app/controllers/api/user_blocks_controller.rb
+++ b/app/controllers/api/user_blocks_controller.rb
@@ -1,7 +1,5 @@
 module Api
 class UserBlocksController < ApiController
- before_action :check_api_readable
-
 authorize_resource
 around_action :api_call_handle_error, :api_call_timeout
diff --git a/app/controllers/api/user_preferences_controller.rb b/app/controllers/api/user_preferences_controller.rb
index db779a35e0..cb852ce881 100644
--- a/app/controllers/api/user_preferences_controller.rb
+++ b/app/controllers/api/user_preferences_controller.rb
@@ -1,7 +1,6 @@
 # Update and read user preferences, which are arbitrary key/val pairs
 module Api
 class UserPreferencesController < ApiController
- before_action :check_api_readable
 before_action :check_api_writable, :only => [:update_all, :update, :destroy]
 before_action :authorize
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index 6fa47095a1..5ff275ee9d 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,6 +1,5 @@
 module Api
 class UsersController < ApiController
- before_action :check_api_readable
 before_action :disable_terms_redirect, :only => [:details]
 before_action :setup_user_auth, :only => [:show, :index]
 before_action :authorize, :only => [:details, :gpx_files]
diff --git a/app/controllers/api/versions_controller.rb b/app/controllers/api/versions_controller.rb
index d5c9c5f87c..d311a18d24 100644
--- a/app/controllers/api/versions_controller.rb
+++ b/app/controllers/api/versions_controller.rb
@@ -1,5 +1,6 @@
 module Api
 class VersionsController < ApiController
+ skip_before_action :check_api_readable
 authorize_resource :class => false
 before_action :set_request_formats
diff --git a/app/controllers/api/ways_controller.rb b/app/controllers/api/ways_controller.rb
index 7878c8701d..4099e16763 100644
--- a/app/controllers/api/ways_controller.rb
+++ b/app/controllers/api/ways_controller.rb
@@ -1,6 +1,5 @@
 module Api
 class WaysController < ApiController
- before_action :check_api_readable
 before_action :check_api_writable, :only => [:create, :update, :delete]
 before_action :authorize, :only => [:create, :update, :delete]
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index edafac7ccd..ff7f694c5e 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -1,6 +1,8 @@
 class ApiController < ApplicationController
 skip_before_action :verify_authenticity_token
+ before_action :check_api_readable
+
 private
 ##
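Review bot: Any ApiController subclass that this patch does not touch and that never ran `check_api_readable` is now gated by it, because the `before_action :check_api_readable` added in api_controller.rb is inherited by every descendant. The patch edits sixteen controllers under app/controllers/api; it is worth confirming that this is the complete set of descendants, and adding a test that asserts only CapabilitiesController and VersionsController skip the callback, so a later opt-out cannot slip in unnoticed. A comment above the new line, for example `# Runs for every API endpoint; skip it only where an endpoint must answer while reads are disabled`, would state the default-on intent next to the code. The class body continues outside the hunk, so other callbacks declared in ApiController and their order relative to this one are not visible here.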