X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/78b9d92207bb215459ecff466c3efe2fa6466ab3..c91bd55222419f4c88c0c4a007a02580837f3dfa:/app/controllers/browse_controller.rb?ds=sidebyside diff --git a/app/controllers/browse_controller.rb b/app/controllers/browse_controller.rb index 50d0ae0a5..db291f6eb 100644 --- a/app/controllers/browse_controller.rb +++ b/app/controllers/browse_controller.rb @@ -5,6 +5,8 @@ class BrowseController < ApplicationController before_action :set_locale before_action -> { check_database_readable(:need_api => true) } before_action :require_oauth + before_action :update_totp, :only => [:query] + before_action :require_moderator_for_unredacted_history, :only => [:relation_history, :way_history, :node_history] around_action :web_timeout authorize_resource :class => false @@ -56,36 +58,11 @@ class BrowseController < ApplicationController render :action => "not_found", :status => :not_found end - def changeset - @type = "changeset" - @changeset = Changeset.find(params[:id]) - @comments = if current_user&.moderator? - @changeset.comments.unscope(:where => :visible).includes(:author) - else - @changeset.comments.includes(:author) - end - @node_pages, @nodes = paginate(:old_nodes, :conditions => { :changeset_id => @changeset.id }, :per_page => 20, :parameter => "node_page") - @way_pages, @ways = paginate(:old_ways, :conditions => { :changeset_id => @changeset.id }, :per_page => 20, :parameter => "way_page") - @relation_pages, @relations = paginate(:old_relations, :conditions => { :changeset_id => @changeset.id }, :per_page => 20, :parameter => "relation_page") - if @changeset.user.active? && @changeset.user.data_public? - @next_by_user = @changeset.user.changesets.where("id > ?", @changeset.id).reorder(:id => :asc).first - @prev_by_user = @changeset.user.changesets.where("id < ?", @changeset.id).reorder(:id => :desc).first - end - rescue ActiveRecord::RecordNotFound - render :action => "not_found", :status => :not_found - end + def query; end - def note - @type = "note" + private - if current_user&.moderator? - @note = Note.find(params[:id]) - @note_comments = @note.comments.unscope(:where => :visible) - else - @note = Note.visible.find(params[:id]) - @note_comments = @note.comments - end - rescue ActiveRecord::RecordNotFound - render :action => "not_found", :status => :not_found + def require_moderator_for_unredacted_history + deny_access(nil) if params[:show_redactions] && !current_user&.moderator? end end