X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/6c225bd01c53ad4cc3429e05c7bb71da3b0a4b7b..bf9dd8f350ca1b54afb79dda79506d980ccb5738:/app/controllers/issues_controller.rb?ds=inline diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index d4e9a3bdf..d136e7230 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -3,8 +3,9 @@ class IssuesController < ApplicationController before_action :authorize_web before_action :set_locale - before_action :require_user - before_action :check_permission + + authorize_resource + before_action :find_issue, :only => [:show, :resolve, :reopen, :ignore] def index @@ -18,7 +19,7 @@ class IssuesController < ApplicationController @issues = Issue.visible_to(current_user) # If search - if params[:search_by_user] && params[:search_by_user].present? + if params[:search_by_user]&.present? @find_user = User.find_by(:display_name => params[:search_by_user]) if @find_user @issues = @issues.where(:reported_user_id => @find_user.id) @@ -28,11 +29,11 @@ class IssuesController < ApplicationController end end - @issues = @issues.where(:status => params[:status]) if params[:status] && params[:status].present? + @issues = @issues.where(:status => params[:status]) if params[:status]&.present? - @issues = @issues.where(:reportable_type => params[:issue_type]) if params[:issue_type] && params[:issue_type].present? + @issues = @issues.where(:reportable_type => params[:issue_type]) if params[:issue_type]&.present? - if params[:last_updated_by] && params[:last_updated_by].present? + if params[:last_updated_by]&.present? last_updated_by = params[:last_updated_by].to_s == "nil" ? nil : params[:last_updated_by].to_i @issues = @issues.where(:updated_by => last_updated_by) end @@ -79,13 +80,8 @@ class IssuesController < ApplicationController private def find_issue - @issue = Issue.find(params[:id]) - end - - def check_permission - unless current_user.administrator? || current_user.moderator? - flash[:error] = t("application.require_moderator_or_admin.not_a_moderator_or_admin") - redirect_to root_path - end + @issue = Issue.visible_to(current_user).find(params[:id]) + rescue ActiveRecord::RecordNotFound + head :not_found end end