module Api
class NotesController < ApiController
- before_action :check_api_readable
before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
before_action :setup_user_auth, :only => [:create, :show]
before_action :authorize, :only => [:close, :reopen, :destroy, :comment]
authorize_resource
before_action :set_locale
- around_action :api_call_handle_error, :api_call_timeout
before_action :set_request_formats, :except => [:feed]
##
# support the old, deprecated, method with four arguments
if params[:bbox]
bbox = BoundingBox.from_bbox_params(params)
- else
- raise OSM::APIBadUserInput, "No l was given" unless params[:l]
- raise OSM::APIBadUserInput, "No r was given" unless params[:r]
- raise OSM::APIBadUserInput, "No b was given" unless params[:b]
- raise OSM::APIBadUserInput, "No t was given" unless params[:t]
-
+ elsif params[:l] && params[:r] && params[:b] && params[:t]
bbox = BoundingBox.from_lrbt_params(params)
+ else
+ raise OSM::APIBadUserInput, "The parameter bbox is required"
end
# Get any conditions that need to be applied
comment = params[:text]
# Find the note and check it is valid
- @note = Note.find(id)
- raise OSM::APINotFoundError unless @note
- raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
-
- # Mark the note as hidden
Note.transaction do
+ @note = Note.lock.find(id)
+ raise OSM::APINotFoundError unless @note
+ raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
+
+ # Mark the note as hidden
@note.status = "hidden"
@note.save
##
# Add a comment to an existing note
def comment
- # Check the ACLs
- raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip)
-
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
comment = params[:text]
# Find the note and check it is valid
- @note = Note.find(id)
- raise OSM::APINotFoundError unless @note
- raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
- raise OSM::APINoteAlreadyClosedError, @note if @note.closed?
-
- # Add a comment to the note
Note.transaction do
+ @note = Note.lock.find(id)
+ raise OSM::APINotFoundError unless @note
+ raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
+ raise OSM::APINoteAlreadyClosedError, @note if @note.closed?
+
+ # Add a comment to the note
add_comment(@note, comment, "commented")
end
comment = params[:text]
# Find the note and check it is valid
- @note = Note.find_by(:id => id)
- raise OSM::APINotFoundError unless @note
- raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
- raise OSM::APINoteAlreadyClosedError, @note if @note.closed?
-
- # Close the note and add a comment
Note.transaction do
+ @note = Note.lock.find_by(:id => id)
+ raise OSM::APINotFoundError unless @note
+ raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
+ raise OSM::APINoteAlreadyClosedError, @note if @note.closed?
+
+ # Close the note and add a comment
@note.close
add_comment(@note, comment, "closed")
comment = params[:text]
# Find the note and check it is valid
- @note = Note.find_by(:id => id)
- raise OSM::APINotFoundError unless @note
- raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || current_user.moderator?
- raise OSM::APINoteAlreadyOpenError, @note unless @note.closed? || !@note.visible?
-
- # Reopen the note and add a comment
Note.transaction do
+ @note = Note.lock.find_by(:id => id)
+ raise OSM::APINotFoundError unless @note
+ raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || current_user.moderator?
+ raise OSM::APINoteAlreadyOpenError, @note unless @note.closed? || !@note.visible?
+
+ # Reopen the note and add a comment
@note.reopen
add_comment(@note, comment, "reopened")
def add_comment(note, text, event, notify: true)
attributes = { :visible => true, :event => event, :body => text }
- if current_user
- attributes[:author_id] = current_user.id
+ if doorkeeper_token
+ author = current_user if scope_enabled?(:write_notes)
+ else
+ author = current_user
+ end
+
+ if author
+ attributes[:author_id] = author.id
else
attributes[:author_ip] = request.remote_ip
end
note.comments.map(&:author).uniq.each do |user|
UserMailer.note_comment_notification(comment, user).deliver_later if notify && user && user != current_user && user.visible?
end
+
+ NoteSubscription.find_or_create_by(:note => note, :user => current_user) if current_user
end
end
end