]> git.openstreetmap.org Git - rails.git/blobdiff - app/views/browse/note.html.erb
Preserve schemes in security policy
[rails.git] / app / views / browse / note.html.erb
index ac0ba9a2397372b742115c50ea07f3111b7c6f3d..37067c311fe812d3dab1606763094f0cbd8352bc 100644 (file)
     <form action="#">
       <textarea class="comment" name="text" cols="40" rows="5"></textarea>
       <div class="buttons clearfix">
     <form action="#">
       <textarea class="comment" name="text" cols="40" rows="5"></textarea>
       <div class="buttons clearfix">
-        <input type="submit" name="hide" value="<%= t('javascripts.notes.show.hide') %>" class="hide_unless_moderator deemphasize" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, 'json') %>">
-        <input type="submit" name="close" value="<%= t('javascripts.notes.show.resolve') %>" class="hide_unless_logged_in" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= close_note_url(@note, 'json') %>">
+        <% if current_user and current_user.moderator? -%>
+          <input type="submit" name="hide" value="<%= t('javascripts.notes.show.hide') %>" class="deemphasize" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, 'json') %>">
+        <% end -%>
+        <% if current_user -%>
+          <input type="submit" name="close" value="<%= t('javascripts.notes.show.resolve') %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= close_note_url(@note, 'json') %>">
+        <% end -%>
         <input type="submit" name="comment" value="<%= t('javascripts.notes.show.comment') %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= comment_note_url(@note, 'json') %>" disabled="1">
       </div>
     </form>
         <input type="submit" name="comment" value="<%= t('javascripts.notes.show.comment') %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= comment_note_url(@note, 'json') %>" disabled="1">
       </div>
     </form>
     <form action="#">
       <input type="hidden" name="text" value="">
       <div class="buttons clearfix">
     <form action="#">
       <input type="hidden" name="text" value="">
       <div class="buttons clearfix">
-        <input type="submit" name="hide" value="<%= t('javascripts.notes.show.hide') %>" class="hide_unless_moderator deemphasize" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, 'json') %>">
-        <input type="submit" name="reopen" value="<%= t('javascripts.notes.show.reactivate') %>" class="hide_unless_logged_in" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= reopen_note_url(@note, 'json') %>">
+        <% if current_user and current_user.moderator? -%>
+          <input type="submit" name="hide" value="<%= t('javascripts.notes.show.hide') %>" class="deemphasize" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, 'json') %>">
+        <% end -%>
+        <% if current_user -%>
+          <input type="submit" name="reopen" value="<%= t('javascripts.notes.show.reactivate') %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= reopen_note_url(@note, 'json') %>">
+        <% end -%>
       </div>
     </form>
   <% end %>
       </div>
     </form>
   <% end %>