<p></p>
<p dir="auto">The review of <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2199573959" data-permission-text="Title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/4605" data-hovercard-type="pull_request" data-hovercard-url="/openstreetmap/openstreetmap-website/pull/4605/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/pull/4605">#4605</a> made me look more closely at the usage of <code class="notranslate">check_api_readable</code> and <code class="notranslate">check_api_writable</code> in existing controllers, and I realised that it can be a bit confusing.</p>
<p dir="auto">The two helpers return true or false depending on <code class="notranslate">api_status</code>, which itself returns one of three states.</p>
<table role="table">
<thead>
<tr>
<th><code class="notranslate">api_status</code></th>
<th><code class="notranslate">check_api_readable</code></th>
<th><code class="notranslate">check_api_writable</code></th>
</tr>
</thead>
<tbody>
<tr>
<td>online</td>
<td>✔️ true</td>
<td>✔️ true</td>
</tr>
<tr>
<td>readonly</td>
<td>✔️ true</td>
<td>✖️ false</td>
</tr>
<tr>
<td>offline</td>
<td>✖️ false</td>
<td>✖️ false</td>
</tr>
</tbody>
</table>
<p dir="auto">Note that it's not possible (nor is it logical) for the api to be <code class="notranslate">_writable</code> but not <code class="notranslate">_readable</code>.</p>
<hr>
<p dir="auto">There are therefore two approaches that we could standardise on, either:</p>
<ul dir="auto">
<li>Every method that needs some kind of API access either checks <code class="notranslate">_readable</code> or <code class="notranslate">_writable</code>, but not both</li>
<li>Every method that needs write access checks both (read actions only check <code class="notranslate">_readable</code>, of course).</li>
</ul>
<p dir="auto">The first approach seems logical, but leads to long lists of <code class="notranslate">:except</code> exclusions e.g.</p>
<div class="highlight highlight-source-ruby" dir="auto"><pre class="notranslate">    <span class="pl-en">before_action</span> <span class="pl-pds">:check_api_writable</span><span class="pl-kos">,</span> <span class="pl-pds">:only</span> <span class="pl-c1">=></span> <span class="pl-kos">[</span><span class="pl-pds">:create</span><span class="pl-kos">,</span> <span class="pl-pds">:update</span><span class="pl-kos">,</span> <span class="pl-pds">:delete</span><span class="pl-kos">]</span>
    <span class="pl-en">before_action</span> <span class="pl-pds">:check_api_readable</span><span class="pl-kos">,</span> <span class="pl-pds">:except</span> <span class="pl-c1">=></span> <span class="pl-kos">[</span><span class="pl-pds">:create</span><span class="pl-kos">,</span> <span class="pl-pds">:update</span><span class="pl-kos">,</span> <span class="pl-pds">:delete</span><span class="pl-kos">]</span></pre></div>
<p dir="auto">The second approach leads to only maintaining one list of actions, e.g.</p>
<div class="highlight highlight-source-ruby" dir="auto"><pre class="notranslate">    <span class="pl-en">before_action</span> <span class="pl-pds">:check_api_readable</span>
    <span class="pl-en">before_action</span> <span class="pl-pds">:check_api_writable</span><span class="pl-kos">,</span> <span class="pl-pds">:only</span> <span class="pl-c1">=></span> <span class="pl-kos">[</span><span class="pl-pds">:create</span><span class="pl-kos">,</span> <span class="pl-pds">:update</span><span class="pl-kos">,</span> <span class="pl-pds">:delete</span><span class="pl-kos">]</span></pre></div>
<p dir="auto">Technically this is redundant, since <code class="notranslate">_writable</code> also ensures that the api_status is in some kind of read mode. But I prefer this approach since it is easier to read and, I think, to maintain.</p>
<hr>
<p dir="auto">I also made a quick review of existing controllers, and it seems some are a bit of a mess:</p>
<div class="highlight highlight-source-ruby" dir="auto"><pre class="notranslate"><span class="pl-k">class</span> <span class="pl-v">ChangesetCommentsController</span> < <span class="pl-v">ApiController</span>
    <span class="pl-en">before_action</span> <span class="pl-pds">:check_api_writable</span>
    <span class="pl-en">before_action</span> <span class="pl-pds">:check_api_readable</span><span class="pl-kos">,</span> <span class="pl-pds">:except</span> <span class="pl-c1">=></span> <span class="pl-kos">[</span><span class="pl-pds">:create</span><span class="pl-kos">]</span></pre></div>
<p dir="auto">This makes no sense, if all actions need write access then why would one action be excluded from the readable check?</p>
<div class="highlight highlight-source-ruby" dir="auto"><pre class="notranslate">  <span class="pl-k">class</span> <span class="pl-v">ChangesetsController</span> < <span class="pl-v">ApiController</span>
    <span class="pl-en">before_action</span> <span class="pl-pds">:check_api_writable</span><span class="pl-kos">,</span> <span class="pl-pds">:only</span> <span class="pl-c1">=></span> <span class="pl-kos">[</span><span class="pl-pds">:create</span><span class="pl-kos">,</span> <span class="pl-pds">:update</span><span class="pl-kos">,</span> <span class="pl-pds">:upload</span><span class="pl-kos">,</span> <span class="pl-pds">:subscribe</span><span class="pl-kos">,</span> <span class="pl-pds">:unsubscribe</span><span class="pl-kos">]</span>
    <span class="pl-en">before_action</span> <span class="pl-pds">:check_api_readable</span><span class="pl-kos">,</span> <span class="pl-pds">:except</span> <span class="pl-c1">=></span> <span class="pl-kos">[</span><span class="pl-pds">:index</span><span class="pl-kos">,</span> <span class="pl-pds">:create</span><span class="pl-kos">,</span> <span class="pl-pds">:update</span><span class="pl-kos">,</span> <span class="pl-pds">:upload</span><span class="pl-kos">,</span> <span class="pl-pds">:download</span><span class="pl-kos">,</span> <span class="pl-pds">:subscribe</span><span class="pl-kos">,</span> <span class="pl-pds">:unsubscribe</span><span class="pl-kos">]</span></pre></div>
<p dir="auto">Why does changesets#index and changesets#download not have any checks on the api_status being online/readonly? They aren't covered by either check.</p>
<p dir="auto">I think both of these show the difficulties in trying to maintain <code class="notranslate">:except</code> lists.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/issues/4858">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLJ73HTFF2HIYZYOX7DZEXTAHAVCNFSM6AAAAABIPDOOAWVHI2DSMVQWIX3LMV43ASLTON2WKOZSGMZDGNJSGI4TCOI">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLINVFPV2UH3H5IIECTZEXTAHA5CNFSM6AAAAABIPDOOAWWGG33NNVSW45C7OR4XAZNFJFZXG5LFVJRW63LNMVXHIX3JMTHIU7RFM4.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/issues/4858</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/issues/4858",
"url": "https://github.com/openstreetmap/openstreetmap-website/issues/4858",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>