From: Tom Hughes Date: Sat, 7 Jan 2023 15:20:22 +0000 (+0000) Subject: Add database checks to issue and report controllers X-Git-Tag: live~1328^2 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/a11924021629cfb80b68ec743a0eca9a2c1616e4?hp=2ee5a63eaddc2917328bacf7feb90b0c8b1933b1 Add database checks to issue and report controllers Fixes #3875 --- diff --git a/app/controllers/issue_comments_controller.rb b/app/controllers/issue_comments_controller.rb index 7b935665f..7edef184e 100644 --- a/app/controllers/issue_comments_controller.rb +++ b/app/controllers/issue_comments_controller.rb @@ -3,9 +3,12 @@ class IssueCommentsController < ApplicationController before_action :authorize_web before_action :set_locale + before_action :check_database_readable authorize_resource + before_action :check_database_writable, :only => [:create] + def create @issue = Issue.find(params[:issue_id]) comment = @issue.comments.build(issue_comment_params) diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index 10a6dc09b..b253ec5e1 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -3,10 +3,12 @@ class IssuesController < ApplicationController before_action :authorize_web before_action :set_locale + before_action :check_database_readable authorize_resource before_action :find_issue, :only => [:show, :resolve, :reopen, :ignore] + before_action :check_database_writable, :only => [:resolve, :ignore, :reopen] def index @title = t ".title" diff --git a/app/controllers/reports_controller.rb b/app/controllers/reports_controller.rb index 6d05e6a57..5c70d9704 100644 --- a/app/controllers/reports_controller.rb +++ b/app/controllers/reports_controller.rb @@ -3,9 +3,12 @@ class ReportsController < ApplicationController before_action :authorize_web before_action :set_locale + before_action :check_database_readable authorize_resource + before_action :check_database_writable, :only => [:new, :create] + def new if required_new_report_params_present? @report = Report.new