X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/aaf56003427cfcbd89fda0847726fd0baa34050c..5841813b82380c13ad4cfd2d652ce3bfeedff488:/app/controllers/changeset_comments_controller.rb diff --git a/app/controllers/changeset_comments_controller.rb b/app/controllers/changeset_comments_controller.rb index a3023af3e..637ac7be6 100644 --- a/app/controllers/changeset_comments_controller.rb +++ b/app/controllers/changeset_comments_controller.rb @@ -1,89 +1,11 @@ class ChangesetCommentsController < ApplicationController - skip_before_action :verify_authenticity_token, :except => [:index] - before_action :authorize_web, :only => [:index] - before_action :set_locale, :only => [:index] - before_action :authorize, :only => [:create, :destroy, :restore] - before_action :api_deny_access_handler, :only => [:create, :destroy, :restore] + before_action :authorize_web + before_action :set_locale authorize_resource - before_action :require_public_data, :only => [:create] - before_action :check_api_writable, :only => [:create, :destroy, :restore] - before_action :check_api_readable, :except => [:create, :index] - before_action(:only => [:index]) { |c| c.check_database_readable(true) } - around_action :api_call_handle_error, :except => [:index] - around_action :api_call_timeout, :except => [:index] - around_action :web_timeout, :only => [:index] - - ## - # Add a comment to a changeset - def create - # Check the arguments are sane - raise OSM::APIBadUserInput, "No id was given" unless params[:id] - raise OSM::APIBadUserInput, "No text was given" if params[:text].blank? - - # Extract the arguments - id = params[:id].to_i - body = params[:text] - - # Find the changeset and check it is valid - changeset = Changeset.find(id) - raise OSM::APIChangesetNotYetClosedError, changeset if changeset.is_open? - - # Add a comment to the changeset - comment = changeset.comments.create(:changeset => changeset, - :body => body, - :author => current_user) - - # Notify current subscribers of the new comment - changeset.subscribers.visible.each do |user| - Notifier.changeset_comment_notification(comment, user).deliver_later if current_user != user - end - - # Add the commenter to the subscribers if necessary - changeset.subscribers << current_user unless changeset.subscribers.exists?(current_user.id) - - # Return a copy of the updated changeset - render :xml => changeset.to_xml.to_s - end - - ## - # Sets visible flag on comment to false - def destroy - # Check the arguments are sane - raise OSM::APIBadUserInput, "No id was given" unless params[:id] - - # Extract the arguments - id = params[:id].to_i - - # Find the changeset - comment = ChangesetComment.find(id) - - # Hide the comment - comment.update(:visible => false) - - # Return a copy of the updated changeset - render :xml => comment.changeset.to_xml.to_s - end - - ## - # Sets visible flag on comment to true - def restore - # Check the arguments are sane - raise OSM::APIBadUserInput, "No id was given" unless params[:id] - - # Extract the arguments - id = params[:id].to_i - - # Find the changeset - comment = ChangesetComment.find(id) - - # Unhide the comment - comment.update(:visible => true) - - # Return a copy of the updated changeset - render :xml => comment.changeset.to_xml.to_s - end + before_action -> { check_database_readable(:need_api => true) } + around_action :web_timeout ## # Get a feed of recent changeset comments @@ -96,7 +18,7 @@ class ChangesetCommentsController < ApplicationController changeset = Changeset.find(id) # Return comments for this changeset only - @comments = changeset.comments.includes(:author, :changeset).limit(comments_limit) + @comments = changeset.comments.includes(:author, :changeset).reverse_order.limit(comments_limit) else # Return comments @comments = ChangesetComment.includes(:author, :changeset).where(:visible => true).order("created_at DESC").limit(comments_limit).preload(:changeset)