[openstreetmap/openstreetmap-website] Deprecate and remove expand_bbox call (#2316)
Frederik Ramm
notifications at github.com
Tue Jul 16 09:52:12 UTC 2019
This is all total vapourware and nobody knows if it's ever going to be implemented, but in the course of hardening the API against vandalism I want to build a feature that will allow admins (or other sufficiently privileged accounts) to block certain areas from being edited at all.
The threat scenario goes a bit like: "Nationalist web site in X country activates its readers to set up OSM accounts and edit the Y boundary which is disputed by X", and all of a sudden we get thousands of different new users every day making edits to the boundary. In that case I would like to be able to simply lock down that area for editing for a while even if it has some unwanted side effects.
Now the way I was planning to implement it is to latch onto the internal mechanism that expands the bbox, which (in the Rails code) is called before attempting to save any object changes; I would then have that code check for rectangle intersection with anything on the block list, and throw an exception in case of such intersection. Problem solved! (It would also kill all world-spanning changesets because of their large bbox intersecting with the blocked area but I have little sympathy for them anyway.)
If this ever gets built then I could imagine editors wanting to "pre-flight" a changeset upload by sending an expand_bbox call in advance, which would essentially then serve as a "tell me if I am even allowed to upload a changeset with this bbox".
But this is just offering a thought - by all means get rid of expand_bbox now and we can still add a specific preflight_bbox later if what I described here ever gets implemented. As a side note, any coders interested in hardening the OSM website against vandalism are welcome to contact DWG to discuss our wishlist ;)
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/2316#issuecomment-511748575
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20190716/3e6ffff5/attachment.html>
More information about the rails-dev
mailing list