Add link to unredacted element history for moderators

[rails.git] / app / controllers / browse_controller.rb

diff --git a/app/controllers/browse_controller.rb b/app/controllers/browse_controller.rb
index 6eb9675683f81df3089136e9fdfca2ba62e9ae57..e842d4872bf753a5c3993f7bb93455be84643c9b 100644 (file)
--- a/app/controllers/browse_controller.rb
+++ b/app/controllers/browse_controller.rb
@@ -3,9 +3,12 @@ class BrowseController < ApplicationController
 
   before_action :authorize_web
   before_action :set_locale
-  before_action(:except => [:query]) { |c| c.check_database_readable(true) }
+  before_action -> { check_database_readable(:need_api => true) }
   before_action :require_oauth
+  before_action :update_totp, :only => [:query]
+  before_action :require_moderator_for_unredacted_history, :only => [:relation_history, :way_history, :node_history]
   around_action :web_timeout
+  authorize_resource :class => false
 
   def relation
     @type = "relation"
@@ -17,7 +20,7 @@ class BrowseController < ApplicationController
 
   def relation_history
     @type = "relation"
-    @feature = Relation.preload(:relation_tags, :old_relations => [:old_tags, :changeset => [:changeset_tags, :user], :old_members => :member]).find(params[:id])
+    @feature = Relation.preload(:relation_tags, :old_relations => [:old_tags, { :changeset => [:changeset_tags, :user], :old_members => :member }]).find(params[:id])
     render "history"
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
@@ -25,7 +28,7 @@ class BrowseController < ApplicationController
 
   def way
     @type = "way"
-    @feature = Way.preload(:way_tags, :containing_relation_members, :changeset => [:changeset_tags, :user], :nodes => [:node_tags, :ways => :way_tags]).find(params[:id])
+    @feature = Way.preload(:way_tags, :containing_relation_members, :changeset => [:changeset_tags, :user], :nodes => [:node_tags, { :ways => :way_tags }]).find(params[:id])
     render "feature"
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
@@ -33,7 +36,7 @@ class BrowseController < ApplicationController
 
   def way_history
     @type = "way"
-    @feature = Way.preload(:way_tags, :old_ways => [:old_tags, :changeset => [:changeset_tags, :user], :old_nodes => { :node => [:node_tags, :ways] }]).find(params[:id])
+    @feature = Way.preload(:way_tags, :old_ways => [:old_tags, { :changeset => [:changeset_tags, :user], :old_nodes => { :node => [:node_tags, :ways] } }]).find(params[:id])
     render "history"
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
@@ -49,7 +52,7 @@ class BrowseController < ApplicationController
 
   def node_history
     @type = "node"
-    @feature = Node.preload(:node_tags, :old_nodes => [:old_tags, :changeset => [:changeset_tags, :user]]).find(params[:id])
+    @feature = Node.preload(:node_tags, :old_nodes => [:old_tags, { :changeset => [:changeset_tags, :user] }]).find(params[:id])
     render "history"
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
@@ -74,17 +77,11 @@ class BrowseController < ApplicationController
     render :action => "not_found", :status => :not_found
   end
 
-  def note
-    @type = "note"
+  def query; end
 
-    if current_user&.moderator?
-      @note = Note.find(params[:id])
-      @note_comments = @note.comments.unscope(:where => :visible)
-    else
-      @note = Note.visible.find(params[:id])
-      @note_comments = @note.comments
-    end
-  rescue ActiveRecord::RecordNotFound
-    render :action => "not_found", :status => :not_found
+  private
+
+  def require_moderator_for_unredacted_history
+    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
   end
 end