- class ChangesetCommentsController < ApplicationController
- skip_before_action :verify_authenticity_token
+ class ChangesetCommentsController < ApiController
+ before_action :check_api_writable
+ before_action :check_api_readable, :except => [:create]
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
# Add a comment to the changeset
comment = changeset.comments.create(:changeset => changeset,
# Add a comment to the changeset
comment = changeset.comments.create(:changeset => changeset,