X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/f11221f05bcdd05edd7a9f97d6d57e7baaeb4921..425f42dd8008d9962c7bee0cadfbdcf33e1f4f95:/app/controllers/notes_controller.rb diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb index 95566a1a1..036238db1 100644 --- a/app/controllers/notes_controller.rb +++ b/app/controllers/notes_controller.rb @@ -6,9 +6,11 @@ class NotesController < ApplicationController before_action :authorize_web, :only => [:mine] before_action :setup_user_auth, :only => [:create, :comment, :show] before_action :authorize, :only => [:close, :reopen, :destroy] - before_action :require_moderator, :only => [:destroy] + before_action :api_deny_access_handler, :except => [:mine] + + authorize_resource + before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy] - before_action :require_allow_write_notes, :only => [:create, :comment, :close, :reopen, :destroy] before_action :set_locale around_action :api_call_handle_error, :api_call_timeout @@ -53,7 +55,7 @@ class NotesController < ApplicationController # Create a new note def create # Check the ACLs - raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip) + raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip) # Check the arguments are sane raise OSM::APIBadUserInput, "No lat was given" unless params[:lat] @@ -89,7 +91,7 @@ class NotesController < ApplicationController # Add a comment to an existing note def comment # Check the ACLs - raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip) + raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip) # Check the arguments are sane raise OSM::APIBadUserInput, "No id was given" unless params[:id] @@ -387,7 +389,7 @@ class NotesController < ApplicationController comment = note.comments.create!(attributes) note.comments.map(&:author).uniq.each do |user| - Notifier.note_comment_notification(comment, user).deliver_now if notify && user && user != current_user && user.visible? + Notifier.note_comment_notification(comment, user).deliver_later if notify && user && user != current_user && user.visible? end end end