X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/53817fa9e8d955df0891d156f21b7269b4ed08fc..e272a384cea3d9d7a0a1fba257cc50c730e6aa7b:/app/controllers/api/notes_controller.rb diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb index 8a0a82c40..3352c1f69 100644 --- a/app/controllers/api/notes_controller.rb +++ b/app/controllers/api/notes_controller.rb @@ -1,6 +1,5 @@ module Api class NotesController < ApiController - before_action :check_api_readable before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy] before_action :setup_user_auth, :only => [:create, :show] before_action :authorize, :only => [:close, :reopen, :destroy, :comment] @@ -116,12 +115,12 @@ module Api comment = params[:text] # Find the note and check it is valid - @note = Note.find(id) - raise OSM::APINotFoundError unless @note - raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? - - # Mark the note as hidden Note.transaction do + @note = Note.lock.find(id) + raise OSM::APINotFoundError unless @note + raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? + + # Mark the note as hidden @note.status = "hidden" @note.save @@ -147,13 +146,13 @@ module Api comment = params[:text] # Find the note and check it is valid - @note = Note.find(id) - raise OSM::APINotFoundError unless @note - raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? - raise OSM::APINoteAlreadyClosedError, @note if @note.closed? - - # Add a comment to the note Note.transaction do + @note = Note.lock.find(id) + raise OSM::APINotFoundError unless @note + raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? + raise OSM::APINoteAlreadyClosedError, @note if @note.closed? + + # Add a comment to the note add_comment(@note, comment, "commented") end @@ -175,13 +174,13 @@ module Api comment = params[:text] # Find the note and check it is valid - @note = Note.find_by(:id => id) - raise OSM::APINotFoundError unless @note - raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? - raise OSM::APINoteAlreadyClosedError, @note if @note.closed? - - # Close the note and add a comment Note.transaction do + @note = Note.lock.find_by(:id => id) + raise OSM::APINotFoundError unless @note + raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? + raise OSM::APINoteAlreadyClosedError, @note if @note.closed? + + # Close the note and add a comment @note.close add_comment(@note, comment, "closed") @@ -205,13 +204,13 @@ module Api comment = params[:text] # Find the note and check it is valid - @note = Note.find_by(:id => id) - raise OSM::APINotFoundError unless @note - raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || current_user.moderator? - raise OSM::APINoteAlreadyOpenError, @note unless @note.closed? || !@note.visible? - - # Reopen the note and add a comment Note.transaction do + @note = Note.lock.find_by(:id => id) + raise OSM::APINotFoundError unless @note + raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || current_user.moderator? + raise OSM::APINoteAlreadyOpenError, @note unless @note.closed? || !@note.visible? + + # Reopen the note and add a comment @note.reopen add_comment(@note, comment, "reopened") @@ -386,7 +385,7 @@ module Api def add_comment(note, text, event, notify: true) attributes = { :visible => true, :event => event, :body => text } - if doorkeeper_token || current_token + if doorkeeper_token author = current_user if scope_enabled?(:write_notes) else author = current_user