module Api
class NotesController < ApiController
- before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
before_action :setup_user_auth, :only => [:create, :show]
before_action :authorize, :only => [:close, :reopen, :destroy, :comment]
##
# Add a comment to an existing note
def comment
- # Check the ACLs
- raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip)
-
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
def feed
# Get any conditions that need to be applied
notes = closed_condition(Note.all)
-
- # Process any bbox
- if params[:bbox]
- bbox = BoundingBox.from_bbox_params(params)
-
- bbox.check_boundaries
- bbox.check_size(Settings.max_note_request_area)
-
- notes = notes.bbox(bbox)
- @min_lon = bbox.min_lon
- @min_lat = bbox.min_lat
- @max_lon = bbox.max_lon
- @max_lat = bbox.max_lat
- end
+ notes = bbox_condition(notes)
# Find the comments we want to return
@comments = NoteComment.where(:note => notes)
def search
# Get the initial set of notes
@notes = closed_condition(Note.all)
+ @notes = bbox_condition(@notes)
# Add any user filter
if params[:display_name] || params[:user]
end
end
+ ##
+ # Generate a condition to choose which notes we want based
+ # on the user's bounding box request parameters
+ def bbox_condition(notes)
+ if params[:bbox]
+ bbox = BoundingBox.from_bbox_params(params)
+
+ bbox.check_boundaries
+ bbox.check_size(Settings.max_note_request_area)
+
+ @min_lon = bbox.min_lon
+ @min_lat = bbox.min_lat
+ @max_lon = bbox.max_lon
+ @max_lat = bbox.max_lat
+
+ notes.bbox(bbox)
+ else
+ notes
+ end
+ end
+
##
# Add a comment to a note
def add_comment(note, text, event, notify: true)
attributes = { :visible => true, :event => event, :body => text }
- if current_user
- attributes[:author_id] = current_user.id
+ if doorkeeper_token || current_token
+ author = current_user if scope_enabled?(:write_notes)
+ else
+ author = current_user
+ end
+
+ if author
+ attributes[:author_id] = author.id
else
attributes[:author_ip] = request.remote_ip
end