module Api
- class NotesController < ApplicationController
+ class NotesController < ApiController
layout "site", :only => [:mine]
- skip_before_action :verify_authenticity_token
before_action :check_api_readable
before_action :setup_user_auth, :only => [:create, :comment, :show]
- before_action :authorize, :only => [:close, :reopen, :destroy]
- before_action :api_deny_access_handler
+ before_action :authorize, :only => [:close, :reopen, :destroy, :comment]
authorize_resource
bbox.check_boundaries
# Check the the bounding box is not too big
- bbox.check_size(MAX_NOTE_REQUEST_AREA)
+ bbox.check_size(Settings.max_note_request_area)
# Find the notes we want to return
@notes = notes.bbox(bbox).order("updated_at DESC").limit(result_limit).preload(:comments)
bbox = BoundingBox.from_bbox_params(params)
bbox.check_boundaries
- bbox.check_size(MAX_NOTE_REQUEST_AREA)
+ bbox.check_size(Settings.max_note_request_area)
notes = notes.bbox(bbox)
end
raise OSM::APIBadUserInput, "Date #{params[:to]} is in a wrong format"
end
- @notes = @notes.where(:created_at => from..to)
+ @notes = params[:sort] == "created_at" ? @notes.where(:created_at => from..to) : @notes.where(:updated_at => from..to)
end
# Find the notes we want to return
- @notes = @notes.order("updated_at DESC").limit(result_limit).preload(:comments)
+ sort_by = params[:sort_by] == "created_at" ? "created_at" : "updated_at"
+ order_by = params[:order_by] == "ASC" ? "ASC" : "DESC"
+
+ @notes = @notes.order("#{sort_by} #{order_by}").limit(result_limit).preload(:comments)
# Render the result
respond_to do |format|
projects / rails.git / blobdiff