skip_before_action :verify_authenticity_token, :except => [:mine]
before_action :check_api_readable
before_action :authorize_web, :only => [:mine]
- before_action :setup_user_auth, :only => [:create, :comment]
+ before_action :setup_user_auth, :only => [:create, :comment, :show]
before_action :authorize, :only => [:close, :reopen, :destroy]
before_action :require_moderator, :only => [:destroy]
before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
# Find the note and check it is valid
@note = Note.find(params[:id])
raise OSM::APINotFoundError unless @note
- raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
+ raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || (current_user && current_user.moderator?)
# Render the result
respond_to do |format|
assert_equal "This is a hide comment", js["properties"]["comments"].last["text"]
assert_equal moderator_user.display_name, js["properties"]["comments"].last["user"]
+ get :show, :params => { :id => open_note_with_comment.id, :format => "json" }
+ assert_response :success
+
+ basic_authorization user.email, "test"
get :show, :params => { :id => open_note_with_comment.id, :format => "json" }
assert_response :gone
end