X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/b19e4241125d449314fc16a586f9fad335f73296..7bb15e02cc0ddd358ff5283fb2e3fbf77ab3fd7a:/app/controllers/notes_controller.rb diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb index 120b0d17d..036238db1 100644 --- a/app/controllers/notes_controller.rb +++ b/app/controllers/notes_controller.rb @@ -6,9 +6,11 @@ class NotesController < ApplicationController before_action :authorize_web, :only => [:mine] before_action :setup_user_auth, :only => [:create, :comment, :show] before_action :authorize, :only => [:close, :reopen, :destroy] - before_action :require_moderator, :only => [:destroy] + before_action :api_deny_access_handler, :except => [:mine] + + authorize_resource + before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy] - before_action :require_allow_write_notes, :only => [:create, :comment, :close, :reopen, :destroy] before_action :set_locale around_action :api_call_handle_error, :api_call_timeout @@ -53,7 +55,7 @@ class NotesController < ApplicationController # Create a new note def create # Check the ACLs - raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip) + raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip) # Check the arguments are sane raise OSM::APIBadUserInput, "No lat was given" unless params[:lat] @@ -89,7 +91,7 @@ class NotesController < ApplicationController # Add a comment to an existing note def comment # Check the ACLs - raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip) + raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip) # Check the arguments are sane raise OSM::APIBadUserInput, "No id was given" unless params[:id] @@ -255,23 +257,28 @@ class NotesController < ApplicationController ## # Return a list of notes matching a given string def search - # Filter either by the name or the id of the user - if params[:display_name] - @user = User.find_by(:display_name => params[:display_name]) - raise OSM::APIBadUserInput, "User #{params[:display_name]} not known" unless @user - elsif params[:id] - @user = User.find_by(:id => params[:id]) - raise OSM::APIBadUserInput, "User #{params[:id]} not known" unless @user - end - + # Get the initial set of notes @notes = closed_condition(Note.all) - @notes = @notes.joins(:comments).where(:note_comments => { :author_id => @user }) if @user + # Add any user filter + if params[:display_name] || params[:user] + if params[:display_name] + @user = User.find_by(:display_name => params[:display_name]) + + raise OSM::APIBadUserInput, "User #{params[:display_name]} not known" unless @user + else + @user = User.find_by(:id => params[:user]) + + raise OSM::APIBadUserInput, "User #{params[:user]} not known" unless @user + end - # Filter by a given string + @notes = @notes.joins(:comments).where(:note_comments => { :author_id => @user }) + end + + # Add any text filter @notes = @notes.joins(:comments).where("to_tsvector('english', note_comments.body) @@ plainto_tsquery('english', ?)", params[:q]) if params[:q] - # Filter by a given start date and an optional end date + # Add any date filter if params[:from] begin from = Time.parse(params[:from]) @@ -288,7 +295,8 @@ class NotesController < ApplicationController rescue ArgumentError raise OSM::APIBadUserInput, "Date #{params[:to]} is in a wrong format" end - @notes = @notes.where(:created_at => from .. to) + + @notes = @notes.where(:created_at => from..to) end # Find the notes we want to return @@ -381,7 +389,7 @@ class NotesController < ApplicationController comment = note.comments.create!(attributes) note.comments.map(&:author).uniq.each do |user| - Notifier.note_comment_notification(comment, user).deliver_now if notify && user && user != current_user && user.visible? + Notifier.note_comment_notification(comment, user).deliver_later if notify && user && user != current_user && user.visible? end end end