X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/14936150ac8ab5cb4e8347b772b2c966f2add43f..be9a501296bcb134ae700319155a636385212b64:/app/controllers/api/notes_controller.rb?ds=inline diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb index 95466781f..d53059a94 100644 --- a/app/controllers/api/notes_controller.rb +++ b/app/controllers/api/notes_controller.rb @@ -1,6 +1,5 @@ module Api class NotesController < ApiController - before_action :check_api_readable before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy] before_action :setup_user_auth, :only => [:create, :show] before_action :authorize, :only => [:close, :reopen, :destroy, :comment] @@ -138,9 +137,6 @@ module Api ## # Add a comment to an existing note def comment - # Check the ACLs - raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip) - # Check the arguments are sane raise OSM::APIBadUserInput, "No id was given" unless params[:id] raise OSM::APIBadUserInput, "No text was given" if params[:text].blank? @@ -389,8 +385,14 @@ module Api def add_comment(note, text, event, notify: true) attributes = { :visible => true, :event => event, :body => text } - if current_user - attributes[:author_id] = current_user.id + if doorkeeper_token || current_token + author = current_user if scope_enabled?(:write_notes) + else + author = current_user + end + + if author + attributes[:author_id] = author.id else attributes[:author_ip] = request.remote_ip end