From 037bafcd1ca8494f25ded9fbad422c41f349889c Mon Sep 17 00:00:00 2001
From: Anton Khorev <tony29@yandex.ru>
Date: Sat, 15 Feb 2025 03:34:53 +0300
Subject: [PATCH] Check user instead of scope when getting note author info

Previously it was possible to create a note while authorized but having no write_notes scope. Currently it's not possible.
---
 app/controllers/api/notes_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb
index bc4d2eaf2..a0095d954 100644
--- a/app/controllers/api/notes_controller.rb
+++ b/app/controllers/api/notes_controller.rb
@@ -387,7 +387,7 @@ module Api
     ##
     # Get author's information (for logged in users - user_id, for logged out users - IP address)
     def author_info
-      if scope_enabled?(:write_notes)
+      if current_user
         { :user_id => current_user.id }
       else
         { :user_ip => request.remote_ip }
-- 
2.39.5