X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/76bc5eba0617e36ebb853d24212543d0e1d4904d..d0089f0ce81ef10ca7ed43969d83d8b77014fa11:/app/controllers/notes_controller.rb diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb index 853072b7b..9d156ea1d 100644 --- a/app/controllers/notes_controller.rb +++ b/app/controllers/notes_controller.rb @@ -4,7 +4,7 @@ class NotesController < ApplicationController skip_before_action :verify_authenticity_token, :except => [:mine] before_action :check_api_readable before_action :authorize_web, :only => [:mine] - before_action :setup_user_auth, :only => [:create, :comment] + before_action :setup_user_auth, :only => [:create, :comment, :show] before_action :authorize, :only => [:close, :reopen, :destroy] before_action :require_moderator, :only => [:destroy] before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy] @@ -211,7 +211,7 @@ class NotesController < ApplicationController # Find the note and check it is valid @note = Note.find(params[:id]) raise OSM::APINotFoundError unless @note - raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? + raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || (current_user && current_user.moderator?) # Render the result respond_to do |format|