X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/4deffa5e4024f53f7ca7191c52c01aaf85ab5f13..5d109919ffc5ac092225a38487a37cd4ecb64048:/app/controllers/changeset_comments_controller.rb diff --git a/app/controllers/changeset_comments_controller.rb b/app/controllers/changeset_comments_controller.rb index 8442a4f36..0b5f6059a 100644 --- a/app/controllers/changeset_comments_controller.rb +++ b/app/controllers/changeset_comments_controller.rb @@ -1,87 +1,11 @@ class ChangesetCommentsController < ApplicationController - skip_before_action :verify_authenticity_token, :except => [:index] - before_action :authorize_web, :only => [:index] - before_action :set_locale, :only => [:index] - before_action :authorize, :only => [:create, :destroy, :restore] - before_action :require_moderator, :only => [:destroy, :restore] - before_action :require_allow_write_api, :only => [:create, :destroy, :restore] - before_action :require_public_data, :only => [:create] - before_action :check_api_writable, :only => [:create, :destroy, :restore] - before_action :check_api_readable, :except => [:create, :index] - before_action(:only => [:index]) { |c| c.check_database_readable(true) } - around_action :api_call_handle_error, :except => [:index] - around_action :api_call_timeout, :except => [:index] - around_action :web_timeout, :only => [:index] + before_action :authorize_web + before_action :set_locale - ## - # Add a comment to a changeset - def create - # Check the arguments are sane - raise OSM::APIBadUserInput, "No id was given" unless params[:id] - raise OSM::APIBadUserInput, "No text was given" if params[:text].blank? - - # Extract the arguments - id = params[:id].to_i - body = params[:text] - - # Find the changeset and check it is valid - changeset = Changeset.find(id) - raise OSM::APIChangesetNotYetClosedError, changeset if changeset.is_open? - - # Add a comment to the changeset - comment = changeset.comments.create(:changeset => changeset, - :body => body, - :author => current_user) - - # Notify current subscribers of the new comment - changeset.subscribers.visible.each do |user| - Notifier.changeset_comment_notification(comment, user).deliver_later if current_user != user - end - - # Add the commenter to the subscribers if necessary - changeset.subscribers << current_user unless changeset.subscribers.exists?(current_user.id) - - # Return a copy of the updated changeset - render :xml => changeset.to_xml.to_s - end - - ## - # Sets visible flag on comment to false - def destroy - # Check the arguments are sane - raise OSM::APIBadUserInput, "No id was given" unless params[:id] + authorize_resource - # Extract the arguments - id = params[:id].to_i - - # Find the changeset - comment = ChangesetComment.find(id) - - # Hide the comment - comment.update(:visible => false) - - # Return a copy of the updated changeset - render :xml => comment.changeset.to_xml.to_s - end - - ## - # Sets visible flag on comment to true - def restore - # Check the arguments are sane - raise OSM::APIBadUserInput, "No id was given" unless params[:id] - - # Extract the arguments - id = params[:id].to_i - - # Find the changeset - comment = ChangesetComment.find(id) - - # Unhide the comment - comment.update(:visible => true) - - # Return a copy of the updated changeset - render :xml => comment.changeset.to_xml.to_s - end + before_action -> { check_database_readable(:need_api => true) } + around_action :web_timeout ## # Get a feed of recent changeset comments