Merge remote-tracking branch 'upstream/pull/2134'

[rails.git] / app / controllers / changeset_comments_controller.rb

diff --git a/app/controllers/changeset_comments_controller.rb b/app/controllers/changeset_comments_controller.rb
index 6a563f9b2c5cb92393260a77baedf3aa96b99f79..a3023af3eb3fd6e057781f4028e1d9c4bf28c6eb 100644 (file)
--- a/app/controllers/changeset_comments_controller.rb
+++ b/app/controllers/changeset_comments_controller.rb
@@ -1,9 +1,12 @@
 class ChangesetCommentsController < ApplicationController
+  skip_before_action :verify_authenticity_token, :except => [:index]
   before_action :authorize_web, :only => [:index]
   before_action :set_locale, :only => [:index]
   before_action :authorize, :only => [:create, :destroy, :restore]
-  before_action :require_moderator, :only => [:destroy, :restore]
-  before_action :require_allow_write_api, :only => [:create, :destroy, :restore]
+  before_action :api_deny_access_handler, :only => [:create, :destroy, :restore]
+
+  authorize_resource
+
   before_action :require_public_data, :only => [:create]
   before_action :check_api_writable, :only => [:create, :destroy, :restore]
   before_action :check_api_readable, :except => [:create, :index]