module Api
- class ChangesetCommentsController < ApplicationController
- skip_before_action :verify_authenticity_token
+ class ChangesetCommentsController < ApiController
before_action :authorize
- before_action :api_deny_access_handler
authorize_resource
# Find the changeset and check it is valid
changeset = Changeset.find(id)
- raise OSM::APIChangesetNotYetClosedError, changeset if changeset.is_open?
+ raise OSM::APIChangesetNotYetClosedError, changeset if changeset.open?
# Add a comment to the changeset
comment = changeset.comments.create(:changeset => changeset,
# Notify current subscribers of the new comment
changeset.subscribers.visible.each do |user|
- Notifier.changeset_comment_notification(comment, user).deliver_later if current_user != user
+ UserMailer.changeset_comment_notification(comment, user).deliver_later if current_user != user
end
# Add the commenter to the subscribers if necessary
changeset.subscribers << current_user unless changeset.subscribers.exists?(current_user.id)
# Return a copy of the updated changeset
- render :xml => changeset.to_xml.to_s
+ @changeset = changeset
+ render "api/changesets/changeset"
end
##
comment.update(:visible => false)
# Return a copy of the updated changeset
- render :xml => comment.changeset.to_xml.to_s
+ @changeset = comment.changeset
+ render "api/changesets/changeset"
end
##
comment.update(:visible => true)
# Return a copy of the updated changeset
- render :xml => comment.changeset.to_xml.to_s
+ @changeset = comment.changeset
+ render "api/changesets/changeset"
end
end
end