X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/63221710a4b9ce4c282aab751b35581908e45852..642070f1e5dee82077676aa300ff47fbac11c506:/app/controllers/browse_controller.rb

diff --git a/app/controllers/browse_controller.rb b/app/controllers/browse_controller.rb
index 50d0ae0a5..e842d4872 100644
--- a/app/controllers/browse_controller.rb
+++ b/app/controllers/browse_controller.rb
@@ -5,6 +5,8 @@ class BrowseController < ApplicationController
   before_action :set_locale
   before_action -> { check_database_readable(:need_api => true) }
   before_action :require_oauth
+  before_action :update_totp, :only => [:query]
+  before_action :require_moderator_for_unredacted_history, :only => [:relation_history, :way_history, :node_history]
   around_action :web_timeout
   authorize_resource :class => false
 
@@ -75,17 +77,11 @@ class BrowseController < ApplicationController
     render :action => "not_found", :status => :not_found
   end
 
-  def note
-    @type = "note"
+  def query; end
 
-    if current_user&.moderator?
-      @note = Note.find(params[:id])
-      @note_comments = @note.comments.unscope(:where => :visible)
-    else
-      @note = Note.visible.find(params[:id])
-      @note_comments = @note.comments
-    end
-  rescue ActiveRecord::RecordNotFound
-    render :action => "not_found", :status => :not_found
+  private
+
+  def require_moderator_for_unredacted_history
+    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
   end
 end