X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/8090e086daad67eac711ad6fd6a5eba6f28d44fd..a945fc0fcd4e12691858b4bf181297d9e399dee0:/app/controllers/notes_controller.rb diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb index e470bdbea..e037a48c9 100644 --- a/app/controllers/notes_controller.rb +++ b/app/controllers/notes_controller.rb @@ -3,9 +3,13 @@ class NotesController < ApplicationController layout 'site', :only => [:mine] before_filter :check_api_readable - before_filter :authorize_web, :only => [:create, :comment, :close, :destroy, :mine] + before_filter :authorize_web, :only => [:mine] + before_filter :setup_user_auth, :only => [:create, :comment] + before_filter :authorize, :only => [:close, :destroy] + before_filter :require_moderator, :only => [:destroy] before_filter :check_api_writable, :only => [:create, :comment, :close, :destroy] - before_filter :set_locale, :only => [:mine] + before_filter :require_allow_write_notes, :only => [:create, :comment, :close, :destroy] + before_filter :set_locale after_filter :compress_output around_filter :api_call_handle_error, :api_call_timeout @@ -52,7 +56,7 @@ class NotesController < ApplicationController # Check the arguments are sane raise OSM::APIBadUserInput.new("No lat was given") unless params[:lat] raise OSM::APIBadUserInput.new("No lon was given") unless params[:lon] - raise OSM::APIBadUserInput.new("No text was given") unless params[:text] + raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank? # Extract the arguments lon = params[:lon].to_f @@ -191,22 +195,26 @@ class NotesController < ApplicationController # Extract the arguments id = params[:id].to_i + comment = params[:text] # Find the note and check it is valid - note = Note.find(id) - raise OSM::APINotFoundError unless note - raise OSM::APIAlreadyDeletedError.new("note", note.id) unless note.visible? + @note = Note.find(id) + raise OSM::APINotFoundError unless @note + raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? # Mark the note as hidden Note.transaction do - note.status = "hidden" - note.save + @note.status = "hidden" + @note.save - add_comment(note, nil, "hidden") + add_comment(@note, comment, "hidden") end - # Render the result - render :text => "ok\n", :content_type => "text/html" + # Return a copy of the updated note + respond_to do |format| + format.xml { render :action => :show } + format.json { render :action => :show } + end end ##