From 1aa0e35a7a3d9a4ff8090f5a618babbd2a452757 Mon Sep 17 00:00:00 2001
From: Frederik Ramm
Date: Tue, 17 Jul 2018 12:41:49 +0200
Subject: [PATCH] do not allow anonymous users to comment on notes
---
 app/controllers/notes_controller.rb | 2 +-
 app/views/browse/note.html.erb | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 853072b7b..0f0e30f20 100644
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -5,7 +5,7 @@ class NotesController < ApplicationController
 before_action :check_api_readable
 before_action :authorize_web, :only => [:mine]
 before_action :setup_user_auth, :only => [:create, :comment]
- before_action :authorize, :only => [:close, :reopen, :destroy]
+ before_action :authorize, :only => [:close, :reopen, :destroy, :comment]
 before_action :require_moderator, :only => [:destroy]
 before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
 before_action :require_allow_write_notes, :only => [:create, :comment, :close, :reopen, :destroy]
diff --git a/app/views/browse/note.html.erb b/app/views/browse/note.html.erb
index 53ea0759e..3032d9406 100644
--- a/app/views/browse/note.html.erb
+++ b/app/views/browse/note.html.erb
@@ -41,18 +41,18 @@ <% end %> <% if @note.status == "open" %> -
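Review bot: The `:comment` entry added to the `authorize` filter in `app/controllers/notes_controller.rb` is the only server-side enforcement of this policy, and the patch (two files per the diffstat) adds no test that pins it. A controller test asserting that an unauthenticated comment request is rejected and leaves the note's comments unchanged would keep a later reshuffle of the filter lists from silently reopening anonymous commenting. `:comment` also stays in the `setup_user_auth` list on the line above; if `authorize` already establishes the current user (its body is not visible here), that entry is now redundant and could be dropped. A short comment above the filter, e.g. `# :comment requires an authenticated user (anonymous note comments are rejected)`, would record the intent. The class body continues outside the hunk, so the `comment` action itself may still carry an anonymous code path worth removing.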
- -
- <% if current_user and current_user.moderator? -%> + <% if current_user -%> + + +
+ <% if current_user.moderator? -%> <% end -%> - <% if current_user -%> - - <% end -%> +
+ <% end -%> <% else %>
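Review bot: With the form now wrapped in `<% if current_user -%>` and no `else` branch of its own (the visible `<% else %>` pairs with the `@note.status == "open"` check), a logged-out visitor on an open note appears to get nothing rendered here and no hint that logging in would let them comment. Consider an `<% else -%>` branch with a short, translated login prompt. The markup inside the block is not visible in this hunk, so confirm that the form and all of its buttons sit inside the new condition. The view is only a convenience; the `authorize` filter in the controller remains the actual control.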
-- 2.39.5