2 class NotesController < ApiController
3 before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
4 before_action :setup_user_auth, :only => [:create, :show]
5 before_action :authorize, :only => [:close, :reopen, :destroy, :comment]
9 before_action :set_locale
10 before_action :set_request_formats, :except => [:feed]
13 # Return a list of notes in a given area
15 # Figure out the bbox - we prefer a bbox argument but also
16 # support the old, deprecated, method with four arguments
18 bbox = BoundingBox.from_bbox_params(params)
19 elsif params[:l] && params[:r] && params[:b] && params[:t]
20 bbox = BoundingBox.from_lrbt_params(params)
22 raise OSM::APIBadUserInput, "The parameter bbox is required"
25 # Get any conditions that need to be applied
26 notes = closed_condition(Note.all)
28 # Check that the boundaries are valid
31 # Check the the bounding box is not too big
32 bbox.check_size(Settings.max_note_request_area)
33 @min_lon = bbox.min_lon
34 @min_lat = bbox.min_lat
35 @max_lon = bbox.max_lon
36 @max_lat = bbox.max_lat
38 # Find the notes we want to return
39 @notes = notes.bbox(bbox).order("updated_at DESC").limit(result_limit).preload(:comments)
42 respond_to do |format|
53 # Check the arguments are sane
54 raise OSM::APIBadUserInput, "No id was given" unless params[:id]
56 # Find the note and check it is valid
57 @note = Note.find(params[:id])
58 raise OSM::APINotFoundError unless @note
59 raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || current_user&.moderator?
62 respond_to do |format|
74 raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip)
76 # Check the arguments are sane
77 raise OSM::APIBadUserInput, "No lat was given" unless params[:lat]
78 raise OSM::APIBadUserInput, "No lon was given" unless params[:lon]
79 raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
81 # Extract the arguments
82 lon = OSM.parse_float(params[:lon], OSM::APIBadUserInput, "lon was not a number")
83 lat = OSM.parse_float(params[:lat], OSM::APIBadUserInput, "lat was not a number")
84 comment = params[:text]
86 # Include in a transaction to ensure that there is always a note_comment for every note
89 @note = Note.create(:lat => lat, :lon => lon)
90 raise OSM::APIBadUserInput, "The note is outside this world" unless @note.in_world?
95 # Add a comment to the note
96 add_comment(@note, comment, "opened")
99 # Return a copy of the new note
100 respond_to do |format|
101 format.xml { render :action => :show }
102 format.json { render :action => :show }
107 # Delete (hide) a note
109 # Check the arguments are sane
110 raise OSM::APIBadUserInput, "No id was given" unless params[:id]
112 # Extract the arguments
113 id = params[:id].to_i
114 comment = params[:text]
116 # Find the note and check it is valid
118 @note = Note.lock.find(id)
119 raise OSM::APINotFoundError unless @note
120 raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
122 # Mark the note as hidden
123 @note.status = "hidden"
126 add_comment(@note, comment, "hidden", :notify => false)
129 # Return a copy of the updated note
130 respond_to do |format|
131 format.xml { render :action => :show }
132 format.json { render :action => :show }
137 # Add a comment to an existing note
139 # Check the arguments are sane
140 raise OSM::APIBadUserInput, "No id was given" unless params[:id]
141 raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
143 # Extract the arguments
144 id = params[:id].to_i
145 comment = params[:text]
147 # Find the note and check it is valid
149 @note = Note.lock.find(id)
150 raise OSM::APINotFoundError unless @note
151 raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
152 raise OSM::APINoteAlreadyClosedError, @note if @note.closed?
154 # Add a comment to the note
155 add_comment(@note, comment, "commented")
158 # Return a copy of the updated note
159 respond_to do |format|
160 format.xml { render :action => :show }
161 format.json { render :action => :show }
168 # Check the arguments are sane
169 raise OSM::APIBadUserInput, "No id was given" unless params[:id]
171 # Extract the arguments
172 id = params[:id].to_i
173 comment = params[:text]
175 # Find the note and check it is valid
177 @note = Note.lock.find_by(:id => id)
178 raise OSM::APINotFoundError unless @note
179 raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
180 raise OSM::APINoteAlreadyClosedError, @note if @note.closed?
182 # Close the note and add a comment
185 add_comment(@note, comment, "closed")
188 # Return a copy of the updated note
189 respond_to do |format|
190 format.xml { render :action => :show }
191 format.json { render :action => :show }
198 # Check the arguments are sane
199 raise OSM::APIBadUserInput, "No id was given" unless params[:id]
201 # Extract the arguments
202 id = params[:id].to_i
203 comment = params[:text]
205 # Find the note and check it is valid
207 @note = Note.lock.find_by(:id => id)
208 raise OSM::APINotFoundError unless @note
209 raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || current_user.moderator?
210 raise OSM::APINoteAlreadyOpenError, @note unless @note.closed? || !@note.visible?
212 # Reopen the note and add a comment
215 add_comment(@note, comment, "reopened")
218 # Return a copy of the updated note
219 respond_to do |format|
220 format.xml { render :action => :show }
221 format.json { render :action => :show }
226 # Get a feed of recent notes and comments
228 # Get any conditions that need to be applied
229 notes = closed_condition(Note.all)
230 notes = bbox_condition(notes)
232 # Find the comments we want to return
233 @comments = NoteComment.where(:note => notes)
234 .order(:created_at => :desc).limit(result_limit)
235 .preload(:author, :note => { :comments => :author })
238 respond_to do |format|
244 # Return a list of notes matching a given string
246 # Get the initial set of notes
247 @notes = closed_condition(Note.all)
248 @notes = bbox_condition(@notes)
250 # Add any user filter
251 if params[:display_name] || params[:user]
252 if params[:display_name]
253 @user = User.find_by(:display_name => params[:display_name])
255 raise OSM::APIBadUserInput, "User #{params[:display_name]} not known" unless @user
257 @user = User.find_by(:id => params[:user])
259 raise OSM::APIBadUserInput, "User #{params[:user]} not known" unless @user
262 @notes = @notes.joins(:comments).where(:note_comments => { :author_id => @user })
265 # Add any text filter
266 @notes = @notes.joins(:comments).where("to_tsvector('english', note_comments.body) @@ plainto_tsquery('english', ?)", params[:q]) if params[:q]
268 # Add any date filter
271 from = Time.parse(params[:from]).utc
273 raise OSM::APIBadUserInput, "Date #{params[:from]} is in a wrong format"
278 Time.parse(params[:to]).utc
283 raise OSM::APIBadUserInput, "Date #{params[:to]} is in a wrong format"
286 @notes = if params[:sort] == "updated_at"
287 @notes.where(:updated_at => from..to)
289 @notes.where(:created_at => from..to)
293 # Choose the sort order
294 @notes = if params[:sort] == "created_at"
295 if params[:order] == "oldest"
296 @notes.order("created_at ASC")
298 @notes.order("created_at DESC")
301 if params[:order] == "oldest"
302 @notes.order("updated_at ASC")
304 @notes.order("updated_at DESC")
308 # Find the notes we want to return
309 @notes = @notes.distinct.limit(result_limit).preload(:comments)
312 respond_to do |format|
313 format.rss { render :action => :index }
314 format.xml { render :action => :index }
315 format.json { render :action => :index }
316 format.gpx { render :action => :index }
322 #------------------------------------------------------------
323 # utility functions below.
324 #------------------------------------------------------------
327 # Get the maximum number of results to return
330 if params[:limit].to_i.positive? && params[:limit].to_i <= Settings.max_note_query_limit
333 raise OSM::APIBadUserInput, "Note limit must be between 1 and #{Settings.max_note_query_limit}"
336 Settings.default_note_query_limit
341 # Generate a condition to choose which notes we want based
342 # on their status and the user's request parameters
343 def closed_condition(notes)
344 closed_since = if params[:closed]
345 params[:closed].to_i.days
347 Note::DEFAULT_FRESHLY_CLOSED_LIMIT
350 if closed_since.negative?
351 notes.where.not(:status => "hidden")
352 elsif closed_since.positive?
353 notes.where(:status => "open")
354 .or(notes.where(:status => "closed")
355 .where(notes.arel_table[:closed_at].gt(Time.now.utc - closed_since)))
357 notes.where(:status => "open")
362 # Generate a condition to choose which notes we want based
363 # on the user's bounding box request parameters
364 def bbox_condition(notes)
366 bbox = BoundingBox.from_bbox_params(params)
368 bbox.check_boundaries
369 bbox.check_size(Settings.max_note_request_area)
371 @min_lon = bbox.min_lon
372 @min_lat = bbox.min_lat
373 @max_lon = bbox.max_lon
374 @max_lat = bbox.max_lat
383 # Add a comment to a note
384 def add_comment(note, text, event, notify: true)
385 attributes = { :visible => true, :event => event, :body => text }
388 author = current_user if scope_enabled?(:write_notes)
390 author = current_user
394 attributes[:author_id] = author.id
396 attributes[:author_ip] = request.remote_ip
399 comment = note.comments.create!(attributes)
401 note.comments.map(&:author).uniq.each do |user|
402 UserMailer.note_comment_notification(comment, user).deliver_later if notify && user && user != current_user && user.visible?
405 NoteSubscription.find_or_create_by(:note => note, :user => current_user) if current_user