Create api changeset comment visibility resource

diff --git a/app/abilities/api_ability.rb b/app/abilities/api_ability.rb
index 9a7bf254a78fa038c5e0fc2c09e6d10b40b7d867..ef852b69fe72f48cde9434c74235f54fd0fff0a4 100644 (file)
--- a/app/abilities/api_ability.rb
+++ b/app/abilities/api_ability.rb
@@ -40,7 +40,7 @@ class ApiAbility
         end
 
         if user.moderator?
         end
 
         if user.moderator?

-          can [:destroy, :restore], ChangesetComment if scopes.include?("write_changeset_comments")
+          can [:create, :destroy], :changeset_comment_visibility if scopes.include?("write_changeset_comments")

 
           can :destroy, Note if scopes.include?("write_notes")
 
 
           can :destroy, Note if scopes.include?("write_notes")
 

diff --git a/app/controllers/api/changeset_comments/visibilities_controller.rb b/app/controllers/api/changeset_comments/visibilities_controller.rb
new file mode 100644 (file)
index 0000000..397872c
--- /dev/null
+++ b/app/controllers/api/changeset_comments/visibilities_controller.rb
@@ -0,0 +1,60 @@
+module Api
+  module ChangesetComments
+    class VisibilitiesController < ApiController
+      before_action :check_api_writable
+      before_action :authorize
+
+      authorize_resource :class => :changeset_comment_visibility
+
+      before_action :set_request_formats
+
+      ##
+      # Sets visible flag on comment to true
+      def create
+        # Check the arguments are sane
+        raise OSM::APIBadUserInput, "No id was given" unless params[:changeset_comment_id]
+
+        # Extract the arguments
+        changeset_comment_id = params[:changeset_comment_id].to_i
+
+        # Find the changeset
+        comment = ChangesetComment.find(changeset_comment_id)
+
+        # Unhide the comment
+        comment.update(:visible => true)
+
+        # Return a copy of the updated changeset
+        @changeset = comment.changeset
+
+        respond_to do |format|
+          format.xml
+          format.json
+        end
+      end
+
+      ##
+      # Sets visible flag on comment to false
+      def destroy
+        # Check the arguments are sane
+        raise OSM::APIBadUserInput, "No id was given" unless params[:changeset_comment_id]
+
+        # Extract the arguments
+        changeset_comment_id = params[:changeset_comment_id].to_i
+
+        # Find the changeset
+        comment = ChangesetComment.find(changeset_comment_id)
+
+        # Hide the comment
+        comment.update(:visible => false)
+
+        # Return a copy of the updated changeset
+        @changeset = comment.changeset
+
+        respond_to do |format|
+          format.xml
+          format.json
+        end
+      end
+    end
+  end
+end

diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb
index 86abff265e7da0794b1db2b62087b4bc89e1bacb..2f4a361baa47b58f5f44f9ca0aa6db45359a403e 100644 (file)
--- a/app/controllers/api/changeset_comments_controller.rb
+++ b/app/controllers/api/changeset_comments_controller.rb
@@ -59,56 +59,6 @@ module Api
       end
     end
 
       end
     end
 

-    ##
-    # Sets visible flag on comment to false
-    def destroy
-      # Check the arguments are sane
-      raise OSM::APIBadUserInput, "No id was given" unless params[:id]
-
-      # Extract the arguments
-      id = params[:id].to_i
-
-      # Find the changeset
-      comment = ChangesetComment.find(id)
-
-      # Hide the comment
-      comment.update(:visible => false)
-
-      # Return a copy of the updated changeset
-      @changeset = comment.changeset
-      render "api/changesets/show"
-
-      respond_to do |format|
-        format.xml
-        format.json
-      end
-    end
-
-    ##
-    # Sets visible flag on comment to true
-    def restore
-      # Check the arguments are sane
-      raise OSM::APIBadUserInput, "No id was given" unless params[:id]
-
-      # Extract the arguments
-      id = params[:id].to_i
-
-      # Find the changeset
-      comment = ChangesetComment.find(id)
-
-      # Unhide the comment
-      comment.update(:visible => true)
-
-      # Return a copy of the updated changeset
-      @changeset = comment.changeset
-      render "api/changesets/show"
-
-      respond_to do |format|
-        format.xml
-        format.json
-      end
-    end
-

     private
 
     ##
     private
 
     ##

diff --git a/app/controllers/api/changesets_controller.rb b/app/controllers/api/changesets_controller.rb
index 517cff47326d28853cacd96416c718c8b5d81b69..7f0ee1276752d8b986ff3ab0d7b274c6ae657886 100644 (file)
--- a/app/controllers/api/changesets_controller.rb
+++ b/app/controllers/api/changesets_controller.rb
@@ -63,7 +63,7 @@ module Api
       @changeset = Changeset.find(params[:id])
       if params[:include_discussion].presence
         @comments = @changeset.comments
       @changeset = Changeset.find(params[:id])
       if params[:include_discussion].presence
         @comments = @changeset.comments

-        @comments = @comments.unscope(:where => :visible) if params[:show_hidden_comments].presence && can?(:restore, ChangesetComment)
+        @comments = @comments.unscope(:where => :visible) if params[:show_hidden_comments].presence && can?(:create, :changeset_comment_visibility)

         @comments = @comments.includes(:author)
       end
 
         @comments = @comments.includes(:author)
       end
 

diff --git a/app/views/api/changeset_comments/visibilities/create.json.jbuilder b/app/views/api/changeset_comments/visibilities/create.json.jbuilder
new file mode 100644 (file)
index 0000000..c245cd1
--- /dev/null
+++ b/app/views/api/changeset_comments/visibilities/create.json.jbuilder
@@ -0,0 +1,5 @@
+json.partial! "api/root_attributes"
+
+json.changeset do
+  json.partial! "api/changesets/changeset", :changeset => @changeset
+end

diff --git a/app/views/api/changeset_comments/visibilities/create.xml.builder b/app/views/api/changeset_comments/visibilities/create.xml.builder
new file mode 100644 (file)
index 0000000..84892f7
--- /dev/null
+++ b/app/views/api/changeset_comments/visibilities/create.xml.builder
@@ -0,0 +1,5 @@
+xml.instruct! :xml, :version => "1.0"
+
+xml.osm(OSM::API.new.xml_root_attributes) do |osm|
+  osm << render(:partial => "api/changesets/changeset", :object => @changeset)
+end

diff --git a/app/views/api/changeset_comments/visibilities/destroy.json.jbuilder b/app/views/api/changeset_comments/visibilities/destroy.json.jbuilder
new file mode 100644 (file)
index 0000000..c245cd1
--- /dev/null
+++ b/app/views/api/changeset_comments/visibilities/destroy.json.jbuilder
@@ -0,0 +1,5 @@
+json.partial! "api/root_attributes"
+
+json.changeset do
+  json.partial! "api/changesets/changeset", :changeset => @changeset
+end

diff --git a/app/views/api/changeset_comments/visibilities/destroy.xml.builder b/app/views/api/changeset_comments/visibilities/destroy.xml.builder
new file mode 100644 (file)
index 0000000..84892f7
--- /dev/null
+++ b/app/views/api/changeset_comments/visibilities/destroy.xml.builder
@@ -0,0 +1,5 @@
+xml.instruct! :xml, :version => "1.0"
+
+xml.osm(OSM::API.new.xml_root_attributes) do |osm|
+  osm << render(:partial => "api/changesets/changeset", :object => @changeset)
+end

diff --git a/app/views/changesets/show.html.erb b/app/views/changesets/show.html.erb
index 3f0d08476da73f7d00745401ea3e95212cdd3d56..70b1877b5a0bb4789001e5d2ef9ebdb4a470f502 100644 (file)
--- a/app/views/changesets/show.html.erb
+++ b/app/views/changesets/show.html.erb
@@ -49,8 +49,8 @@
               —
               <%= tag.button t(".#{comment.visible ? 'hide' : 'unhide'}_comment"),
                              :class => "btn btn-sm small btn-link link-secondary p-0 align-baseline",
               —
               <%= tag.button t(".#{comment.visible ? 'hide' : 'unhide'}_comment"),
                              :class => "btn btn-sm small btn-link link-secondary p-0 align-baseline",

-                             :data => { :method => "POST",
-                                        :url => comment.visible ? changeset_comment_hide_url(comment) : changeset_comment_unhide_url(comment) } %>
+                             :data => { :method => comment.visible ? "DELETE" : "POST",
+                                        :url => api_changeset_comment_visibility_path(comment) } %>

             <% end %>
           </small>
           <div class="mx-2">
             <% end %>
           </small>
           <div class="mx-2">

diff --git a/config/routes.rb b/config/routes.rb
index 7d200da867ac8512d4931f5e3f45a83b340d4a79..3f4a12bd782e058360439c44e3c3ac30bdb15c48 100644 (file)
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -21,8 +21,6 @@ OpenStreetMap::Application.routes.draw do
     post "changeset/:id/subscribe" => "changesets#subscribe", :as => :api_changeset_subscribe, :id => /\d+/
     post "changeset/:id/unsubscribe" => "changesets#unsubscribe", :as => :api_changeset_unsubscribe, :id => /\d+/
     put "changeset/:id/close" => "changesets#close", :as => :changeset_close, :id => /\d+/
     post "changeset/:id/subscribe" => "changesets#subscribe", :as => :api_changeset_subscribe, :id => /\d+/
     post "changeset/:id/unsubscribe" => "changesets#unsubscribe", :as => :api_changeset_unsubscribe, :id => /\d+/
     put "changeset/:id/close" => "changesets#close", :as => :changeset_close, :id => /\d+/

-    post "changeset/comment/:id/hide" => "changeset_comments#destroy", :as => :changeset_comment_hide, :id => /\d+/
-    post "changeset/comment/:id/unhide" => "changeset_comments#restore", :as => :changeset_comment_unhide, :id => /\d+/

   end
 
   namespace :api, :path => "api/0.6" do
   end
 
   namespace :api, :path => "api/0.6" do


@@ -33,7 +31,11 @@ OpenStreetMap::Application.routes.draw do
     end
     put "changeset/create" => "changesets#create", :as => nil
 
     end
     put "changeset/create" => "changesets#create", :as => nil
 

-    resources :changeset_comments, :only => :index
+    resources :changeset_comments, :id => /\d+/, :only => :index do
+      resource :visibility, :module => :changeset_comments, :only => [:create, :destroy]
+    end
+    post "changeset/comment/:changeset_comment_id/unhide" => "changeset_comments/visibilities#create", :changeset_comment_id => /\d+/, :as => nil
+    post "changeset/comment/:changeset_comment_id/hide" => "changeset_comments/visibilities#destroy", :changeset_comment_id => /\d+/, :as => nil

 
     resources :nodes, :only => [:index, :create]
     resources :nodes, :path => "node", :id => /\d+/, :only => [:show, :update, :destroy] do
 
     resources :nodes, :only => [:index, :create]
     resources :nodes, :path => "node", :id => /\d+/, :only => [:show, :update, :destroy] do

diff --git a/test/abilities/api_capability_test.rb b/test/abilities/api_capability_test.rb
index 58c8f7fe7141f95fee59b393beb65fc74dbe1d87..0945b6290045a444b6c35e163a968819fd6a88cc 100644 (file)
--- a/test/abilities/api_capability_test.rb
+++ b/test/abilities/api_capability_test.rb
@@ -8,9 +8,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
     scopes = Set.new
     ability = ApiAbility.new user, scopes
 
     scopes = Set.new
     ability = ApiAbility.new user, scopes
 

-    [:create, :destroy, :restore].each do |action|
-      assert ability.cannot? action, ChangesetComment
-    end
+    assert ability.cannot? :create, ChangesetComment
+    assert ability.cannot? :create, :changeset_comment_visibility
+    assert ability.cannot? :destroy, :changeset_comment_visibility

   end
 
   test "as a normal user with write_changeset_comments scope" do
   end
 
   test "as a normal user with write_changeset_comments scope" do


@@ -18,13 +18,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
     scopes = Set.new %w[write_changeset_comments]
     ability = ApiAbility.new user, scopes
 
     scopes = Set.new %w[write_changeset_comments]
     ability = ApiAbility.new user, scopes
 

-    [:destroy, :restore].each do |action|
-      assert ability.cannot? action, ChangesetComment
-    end
-
-    [:create].each do |action|
-      assert ability.can? action, ChangesetComment
-    end
+    assert ability.can? :create, ChangesetComment
+    assert ability.cannot? :create, :changeset_comment_visibility
+    assert ability.cannot? :destroy, :changeset_comment_visibility

   end
 
   test "as a moderator without scopes" do
   end
 
   test "as a moderator without scopes" do


@@ -32,9 +28,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
     scopes = Set.new
     ability = ApiAbility.new user, scopes
 
     scopes = Set.new
     ability = ApiAbility.new user, scopes
 

-    [:create, :destroy, :restore].each do |action|
-      assert ability.cannot? action, ChangesetComment
-    end
+    assert ability.cannot? :create, ChangesetComment
+    assert ability.cannot? :create, :changeset_comment_visibility
+    assert ability.cannot? :destroy, :changeset_comment_visibility

   end
 
   test "as a moderator with write_changeset_comments scope" do
   end
 
   test "as a moderator with write_changeset_comments scope" do


@@ -42,9 +38,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
     scopes = Set.new %w[write_changeset_comments]
     ability = ApiAbility.new user, scopes
 
     scopes = Set.new %w[write_changeset_comments]
     ability = ApiAbility.new user, scopes
 

-    [:create, :destroy, :restore].each do |action|
-      assert ability.can? action, ChangesetComment
-    end
+    assert ability.can? :create, ChangesetComment
+    assert ability.can? :create, :changeset_comment_visibility
+    assert ability.can? :destroy, :changeset_comment_visibility

   end
 end
 
   end
 end
 

diff --git a/test/controllers/api/changeset_comments/visibilities_controller_test.rb b/test/controllers/api/changeset_comments/visibilities_controller_test.rb
new file mode 100644 (file)
index 0000000..97ac9f3
--- /dev/null
+++ b/test/controllers/api/changeset_comments/visibilities_controller_test.rb
@@ -0,0 +1,255 @@
+require "test_helper"
+
+module Api
+  module ChangesetComments
+    class VisibilitiesControllerTest < ActionDispatch::IntegrationTest
+      ##
+      # test all routes which lead to this controller
+      def test_routes
+        assert_routing(
+          { :path => "/api/0.6/changeset_comments/1/visibility", :method => :post },
+          { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1" }
+        )
+        assert_routing(
+          { :path => "/api/0.6/changeset_comments/1/visibility.json", :method => :post },
+          { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1", :format => "json" }
+        )
+        assert_routing(
+          { :path => "/api/0.6/changeset_comments/1/visibility", :method => :delete },
+          { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1" }
+        )
+        assert_routing(
+          { :path => "/api/0.6/changeset_comments/1/visibility.json", :method => :delete },
+          { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1", :format => "json" }
+        )
+
+        assert_recognizes(
+          { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1" },
+          { :path => "/api/0.6/changeset/comment/1/unhide", :method => :post }
+        )
+        assert_recognizes(
+          { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1", :format => "json" },
+          { :path => "/api/0.6/changeset/comment/1/unhide.json", :method => :post }
+        )
+        assert_recognizes(
+          { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1" },
+          { :path => "/api/0.6/changeset/comment/1/hide", :method => :post }
+        )
+        assert_recognizes(
+          { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1", :format => "json" },
+          { :path => "/api/0.6/changeset/comment/1/hide.json", :method => :post }
+        )
+      end
+
+      def test_create_by_unauthorized
+        comment = create(:changeset_comment, :visible => false)
+
+        post api_changeset_comment_visibility_path(comment)
+
+        assert_response :unauthorized
+        assert_not comment.reload.visible
+      end
+
+      def test_create_by_normal_user
+        comment = create(:changeset_comment, :visible => false)
+        auth_header = bearer_authorization_header
+
+        post api_changeset_comment_visibility_path(comment), :headers => auth_header
+
+        assert_response :forbidden
+        assert_not comment.reload.visible
+      end
+
+      def test_create_on_missing_comment
+        auth_header = bearer_authorization_header create(:moderator_user)
+
+        post api_changeset_comment_visibility_path(999111), :headers => auth_header
+
+        assert_response :not_found
+      end
+
+      def test_create_without_required_scope
+        comment = create(:changeset_comment, :visible => false)
+        auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs]
+
+        post api_changeset_comment_visibility_path(comment), :headers => auth_header
+
+        assert_response :forbidden
+        assert_not comment.reload.visible
+      end
+
+      def test_create_with_write_changeset_comments_scope
+        comment = create(:changeset_comment, :visible => false)
+        auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
+
+        post api_changeset_comment_visibility_path(comment), :headers => auth_header
+
+        assert_response :success
+        assert_equal "application/xml", response.media_type
+        assert_dom "osm", 1 do
+          assert_dom "> changeset", 1 do
+            assert_dom "> @id", comment.changeset_id.to_s
+            assert_dom "> @comments_count", "1"
+          end
+        end
+
+        assert comment.reload.visible
+      end
+
+      def test_create_with_write_changeset_comments_scope_json
+        comment = create(:changeset_comment, :visible => false)
+        auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
+
+        post api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
+
+        assert_response :success
+        assert_equal "application/json", response.media_type
+        js = ActiveSupport::JSON.decode(@response.body)
+        assert_not_nil js["changeset"]
+        assert_equal comment.changeset_id, js["changeset"]["id"]
+        assert_equal 1, js["changeset"]["comments_count"]
+
+        assert comment.reload.visible
+      end
+
+      def test_create_with_write_api_scope
+        comment = create(:changeset_comment, :visible => false)
+        auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
+
+        post api_changeset_comment_visibility_path(comment), :headers => auth_header
+
+        assert_response :success
+        assert_equal "application/xml", response.media_type
+        assert_dom "osm", 1 do
+          assert_dom "> changeset", 1 do
+            assert_dom "> @id", comment.changeset_id.to_s
+            assert_dom "> @comments_count", "1"
+          end
+        end
+
+        assert comment.reload.visible
+      end
+
+      def test_create_with_write_api_scope_json
+        comment = create(:changeset_comment, :visible => false)
+        auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
+
+        post api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
+
+        assert_response :success
+        js = ActiveSupport::JSON.decode(@response.body)
+        assert_equal "application/json", response.media_type
+        assert_not_nil js["changeset"]
+        assert_equal comment.changeset_id, js["changeset"]["id"]
+        assert_equal 1, js["changeset"]["comments_count"]
+
+        assert comment.reload.visible
+      end
+
+      def test_destroy_by_unauthorized
+        comment = create(:changeset_comment)
+
+        delete api_changeset_comment_visibility_path(comment)
+
+        assert_response :unauthorized
+        assert comment.reload.visible
+      end
+
+      def test_destroy_by_normal_user
+        comment = create(:changeset_comment)
+        auth_header = bearer_authorization_header
+
+        delete api_changeset_comment_visibility_path(comment), :headers => auth_header
+
+        assert_response :forbidden
+        assert comment.reload.visible
+      end
+
+      def test_destroy_on_missing_comment
+        auth_header = bearer_authorization_header create(:moderator_user)
+
+        delete api_changeset_comment_visibility_path(999111), :headers => auth_header
+
+        assert_response :not_found
+      end
+
+      def test_destroy_without_required_scope
+        comment = create(:changeset_comment)
+        auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs]
+
+        delete api_changeset_comment_visibility_path(comment), :headers => auth_header
+
+        assert_response :forbidden
+        assert comment.reload.visible
+      end
+
+      def test_destroy_with_write_changeset_comments_scope
+        comment = create(:changeset_comment)
+        auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
+
+        delete api_changeset_comment_visibility_path(comment), :headers => auth_header
+
+        assert_response :success
+        assert_equal "application/xml", response.media_type
+        assert_dom "osm", 1 do
+          assert_dom "> changeset", 1 do
+            assert_dom "> @id", comment.changeset_id.to_s
+            assert_dom "> @comments_count", "0"
+          end
+        end
+
+        assert_not comment.reload.visible
+      end
+
+      def test_destroy_with_write_changeset_comments_scope_json
+        comment = create(:changeset_comment)
+        auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
+
+        delete api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
+
+        assert_response :success
+        assert_equal "application/json", response.media_type
+        js = ActiveSupport::JSON.decode(@response.body)
+        assert_not_nil js["changeset"]
+        assert_equal comment.changeset_id, js["changeset"]["id"]
+        assert_equal 0, js["changeset"]["comments_count"]
+
+        assert_not comment.reload.visible
+      end
+
+      def test_destroy_with_write_api_scope
+        comment = create(:changeset_comment)
+        auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
+
+        delete api_changeset_comment_visibility_path(comment), :headers => auth_header
+
+        assert_response :success
+        assert_equal "application/xml", response.media_type
+        assert_dom "osm", 1 do
+          assert_dom "> changeset", 1 do
+            assert_dom "> @id", comment.changeset_id.to_s
+            assert_dom "> @comments_count", "0"
+          end
+        end
+
+        assert_not comment.reload.visible
+      end
+
+      def test_destroy_with_write_api_scope_json
+        comment = create(:changeset_comment)
+        auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
+
+        delete api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
+
+        assert_response :success
+        assert_equal "application/json", response.media_type
+        js = ActiveSupport::JSON.decode(@response.body)
+        assert_not_nil js["changeset"]
+        assert_equal comment.changeset_id, js["changeset"]["id"]
+        assert_equal 0, js["changeset"]["comments_count"]
+
+        assert_not comment.reload.visible
+      end
+    end
+  end
+end

diff --git a/test/controllers/api/changeset_comments_controller_test.rb b/test/controllers/api/changeset_comments_controller_test.rb
index fcb53600e269971be2550396f4a4d4825bf7347c..b16ea4502120a02e5be5024a38ade2b631467d7e 100644 (file)
--- a/test/controllers/api/changeset_comments_controller_test.rb
+++ b/test/controllers/api/changeset_comments_controller_test.rb
@@ -21,22 +21,6 @@ module Api
         { :path => "/api/0.6/changeset/1/comment.json", :method => :post },
         { :controller => "api/changeset_comments", :action => "create", :changeset_id => "1", :format => "json" }
       )
         { :path => "/api/0.6/changeset/1/comment.json", :method => :post },
         { :controller => "api/changeset_comments", :action => "create", :changeset_id => "1", :format => "json" }
       )

-      assert_routing(
-        { :path => "/api/0.6/changeset/comment/1/hide", :method => :post },
-        { :controller => "api/changeset_comments", :action => "destroy", :id => "1" }
-      )
-      assert_routing(
-        { :path => "/api/0.6/changeset/comment/1/hide.json", :method => :post },
-        { :controller => "api/changeset_comments", :action => "destroy", :id => "1", :format => "json" }
-      )
-      assert_routing(
-        { :path => "/api/0.6/changeset/comment/1/unhide", :method => :post },
-        { :controller => "api/changeset_comments", :action => "restore", :id => "1" }
-      )
-      assert_routing(
-        { :path => "/api/0.6/changeset/comment/1/unhide.json", :method => :post },
-        { :controller => "api/changeset_comments", :action => "restore", :id => "1", :format => "json" }
-      )

     end
 
     def test_index
     end
 
     def test_index


@@ -353,216 +337,6 @@ module Api
       end
     end
 
       end
     end
 

-    def test_hide_by_unauthorized
-      comment = create(:changeset_comment)
-
-      post changeset_comment_hide_path(comment)
-
-      assert_response :unauthorized
-      assert comment.reload.visible
-    end
-
-    def test_hide_by_normal_user
-      comment = create(:changeset_comment)
-      auth_header = bearer_authorization_header
-
-      post changeset_comment_hide_path(comment), :headers => auth_header
-
-      assert_response :forbidden
-      assert comment.reload.visible
-    end
-
-    def test_hide_missing_comment
-      auth_header = bearer_authorization_header create(:moderator_user)
-
-      post changeset_comment_hide_path(999111), :headers => auth_header
-
-      assert_response :not_found
-    end
-
-    def test_hide_without_required_scope
-      comment = create(:changeset_comment)
-      auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs]
-
-      post changeset_comment_hide_path(comment), :headers => auth_header
-
-      assert_response :forbidden
-      assert comment.reload.visible
-    end
-
-    def test_hide_with_write_changeset_comments_scope
-      comment = create(:changeset_comment)
-      auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
-
-      post changeset_comment_hide_path(comment), :headers => auth_header
-
-      assert_response :success
-      assert_equal "application/xml", response.media_type
-      assert_dom "osm", 1 do
-        assert_dom "> changeset", 1 do
-          assert_dom "> @id", comment.changeset_id.to_s
-          assert_dom "> @comments_count", "0"
-        end
-      end
-
-      assert_not comment.reload.visible
-    end
-
-    def test_hide_with_write_changeset_comments_scope_json
-      comment = create(:changeset_comment)
-      auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
-
-      post changeset_comment_hide_path(comment, :format => "json"), :headers => auth_header
-
-      assert_response :success
-      assert_equal "application/json", response.media_type
-      js = ActiveSupport::JSON.decode(@response.body)
-      assert_not_nil js["changeset"]
-      assert_equal comment.changeset_id, js["changeset"]["id"]
-      assert_equal 0, js["changeset"]["comments_count"]
-
-      assert_not comment.reload.visible
-    end
-
-    def test_hide_with_write_api_scope
-      comment = create(:changeset_comment)
-      auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
-
-      post changeset_comment_hide_path(comment), :headers => auth_header
-
-      assert_response :success
-      assert_equal "application/xml", response.media_type
-      assert_dom "osm", 1 do
-        assert_dom "> changeset", 1 do
-          assert_dom "> @id", comment.changeset_id.to_s
-          assert_dom "> @comments_count", "0"
-        end
-      end
-
-      assert_not comment.reload.visible
-    end
-
-    def test_hide_with_write_api_scope_json
-      comment = create(:changeset_comment)
-      auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
-
-      post changeset_comment_hide_path(comment, :format => "json"), :headers => auth_header
-
-      assert_response :success
-      assert_equal "application/json", response.media_type
-      js = ActiveSupport::JSON.decode(@response.body)
-      assert_not_nil js["changeset"]
-      assert_equal comment.changeset_id, js["changeset"]["id"]
-      assert_equal 0, js["changeset"]["comments_count"]
-
-      assert_not comment.reload.visible
-    end
-
-    def test_unhide_by_unauthorized
-      comment = create(:changeset_comment, :visible => false)
-
-      post changeset_comment_unhide_path(comment)
-
-      assert_response :unauthorized
-      assert_not comment.reload.visible
-    end
-
-    def test_unhide_by_normal_user
-      comment = create(:changeset_comment, :visible => false)
-      auth_header = bearer_authorization_header
-
-      post changeset_comment_unhide_path(comment), :headers => auth_header
-
-      assert_response :forbidden
-      assert_not comment.reload.visible
-    end
-
-    def test_unhide_missing_comment
-      auth_header = bearer_authorization_header create(:moderator_user)
-
-      post changeset_comment_unhide_path(999111), :headers => auth_header
-
-      assert_response :not_found
-    end
-
-    def test_unhide_without_required_scope
-      comment = create(:changeset_comment, :visible => false)
-      auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs]
-
-      post changeset_comment_unhide_path(comment), :headers => auth_header
-
-      assert_response :forbidden
-      assert_not comment.reload.visible
-    end
-
-    def test_unhide_with_write_changeset_comments_scope
-      comment = create(:changeset_comment, :visible => false)
-      auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
-
-      post changeset_comment_unhide_path(comment), :headers => auth_header
-
-      assert_response :success
-      assert_equal "application/xml", response.media_type
-      assert_dom "osm", 1 do
-        assert_dom "> changeset", 1 do
-          assert_dom "> @id", comment.changeset_id.to_s
-          assert_dom "> @comments_count", "1"
-        end
-      end
-
-      assert comment.reload.visible
-    end
-
-    def test_unhide_with_write_changeset_comments_scope_json
-      comment = create(:changeset_comment, :visible => false)
-      auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
-
-      post changeset_comment_unhide_path(comment, :format => "json"), :headers => auth_header
-
-      assert_response :success
-      assert_equal "application/json", response.media_type
-      js = ActiveSupport::JSON.decode(@response.body)
-      assert_not_nil js["changeset"]
-      assert_equal comment.changeset_id, js["changeset"]["id"]
-      assert_equal 1, js["changeset"]["comments_count"]
-
-      assert comment.reload.visible
-    end
-
-    def test_unhide_with_write_api_scope
-      comment = create(:changeset_comment, :visible => false)
-      auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
-
-      post changeset_comment_unhide_path(comment), :headers => auth_header
-
-      assert_response :success
-      assert_equal "application/xml", response.media_type
-      assert_dom "osm", 1 do
-        assert_dom "> changeset", 1 do
-          assert_dom "> @id", comment.changeset_id.to_s
-          assert_dom "> @comments_count", "1"
-        end
-      end
-
-      assert comment.reload.visible
-    end
-
-    def test_unhide_with_write_api_scope_json
-      comment = create(:changeset_comment, :visible => false)
-      auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
-
-      post changeset_comment_unhide_path(comment, :format => "json"), :headers => auth_header
-
-      assert_response :success
-      js = ActiveSupport::JSON.decode(@response.body)
-      assert_equal "application/json", response.media_type
-      assert_not_nil js["changeset"]
-      assert_equal comment.changeset_id, js["changeset"]["id"]
-      assert_equal 1, js["changeset"]["comments_count"]
-
-      assert comment.reload.visible
-    end
-

     private
 
     ##
     private
 
     ##