- session :off, :except => [:list, :list_user, :list_bbox]
- before_filter :authorize_web, :only => [:list, :list_user, :list_bbox]
- before_filter :authorize, :only => [:create, :update, :delete, :upload, :include, :close]
- before_filter :require_public_data, :only => [:create, :update, :delete, :upload, :include, :close]
- before_filter :check_api_writable, :only => [:create, :update, :delete, :upload, :include]
- before_filter :check_api_readable, :except => [:create, :update, :delete, :upload, :download, :query]
+ skip_before_filter :verify_authenticity_token, :except => [:list]
+ before_filter :authorize_web, :only => [:list, :feed, :comments_feed]
+ before_filter :set_locale, :only => [:list, :feed, :comments_feed]
+ before_filter :authorize, :only => [:create, :update, :delete, :upload, :include, :close, :comment, :subscribe, :unsubscribe, :hide_comment, :unhide_comment]
+ before_filter :require_moderator, :only => [:hide_comment, :unhide_comment]
+ before_filter :require_allow_write_api, :only => [:create, :update, :delete, :upload, :include, :close, :comment, :subscribe, :unsubscribe, :hide_comment, :unhide_comment]
+ before_filter :require_public_data, :only => [:create, :update, :delete, :upload, :include, :close, :comment, :subscribe, :unsubscribe]
+ before_filter :check_api_writable, :only => [:create, :update, :delete, :upload, :include, :comment, :subscribe, :unsubscribe, :hide_comment, :unhide_comment]
+ before_filter :check_api_readable, :except => [:create, :update, :delete, :upload, :download, :query, :list, :feed, :comment, :subscribe, :unsubscribe, :comments_feed]
+ before_filter(:only => [:list, :feed, :comments_feed]) { |c| c.check_database_readable(true) }