X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/11df872c3e964ad043bd97856da2ff0ddb457503..25ff46c1d76bcb3fc9f9e620a13e160ab8390df9:/app/controllers/api/notes_controller.rb diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb index 46b91d445..8a0a82c40 100644 --- a/app/controllers/api/notes_controller.rb +++ b/app/controllers/api/notes_controller.rb @@ -18,13 +18,10 @@ module Api # support the old, deprecated, method with four arguments if params[:bbox] bbox = BoundingBox.from_bbox_params(params) - else - raise OSM::APIBadUserInput, "No l was given" unless params[:l] - raise OSM::APIBadUserInput, "No r was given" unless params[:r] - raise OSM::APIBadUserInput, "No b was given" unless params[:b] - raise OSM::APIBadUserInput, "No t was given" unless params[:t] - + elsif params[:l] && params[:r] && params[:b] && params[:t] bbox = BoundingBox.from_lrbt_params(params) + else + raise OSM::APIBadUserInput, "The parameter bbox is required" end # Get any conditions that need to be applied @@ -141,9 +138,6 @@ module Api ## # Add a comment to an existing note def comment - # Check the ACLs - raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip) - # Check the arguments are sane raise OSM::APIBadUserInput, "No id was given" unless params[:id] raise OSM::APIBadUserInput, "No text was given" if params[:text].blank? @@ -392,8 +386,14 @@ module Api def add_comment(note, text, event, notify: true) attributes = { :visible => true, :event => event, :body => text } - if current_user - attributes[:author_id] = current_user.id + if doorkeeper_token || current_token + author = current_user if scope_enabled?(:write_notes) + else + author = current_user + end + + if author + attributes[:author_id] = author.id else attributes[:author_ip] = request.remote_ip end