before_action -> { check_database_readable(:need_api => true) }
before_action :require_oauth
before_action :update_totp, :only => [:query]
+ before_action :require_moderator_for_unredacted_history, :only => [:relation_history, :way_history, :node_history]
around_action :web_timeout
authorize_resource :class => false
render :action => "not_found", :status => :not_found
end
- def changeset
- @type = "changeset"
- @changeset = Changeset.find(params[:id])
- @comments = if current_user&.moderator?
- @changeset.comments.unscope(:where => :visible).includes(:author)
- else
- @changeset.comments.includes(:author)
- end
- @node_pages, @nodes = paginate(:old_nodes, :conditions => { :changeset_id => @changeset.id }, :per_page => 20, :parameter => "node_page")
- @way_pages, @ways = paginate(:old_ways, :conditions => { :changeset_id => @changeset.id }, :per_page => 20, :parameter => "way_page")
- @relation_pages, @relations = paginate(:old_relations, :conditions => { :changeset_id => @changeset.id }, :per_page => 20, :parameter => "relation_page")
- if @changeset.user.active? && @changeset.user.data_public?
- @next_by_user = @changeset.user.changesets.where("id > ?", @changeset.id).reorder(:id => :asc).first
- @prev_by_user = @changeset.user.changesets.where("id < ?", @changeset.id).reorder(:id => :desc).first
- end
- rescue ActiveRecord::RecordNotFound
- render :action => "not_found", :status => :not_found
- end
+ def query; end
- def note
- @type = "note"
+ private
- if current_user&.moderator?
- @note = Note.find(params[:id])
- @note_comments = @note.comments.unscope(:where => :visible)
- else
- @note = Note.visible.find(params[:id])
- @note_comments = @note.comments
- end
- rescue ActiveRecord::RecordNotFound
- render :action => "not_found", :status => :not_found
+ def require_moderator_for_unredacted_history
+ deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
end
-
- def query; end
end
projects / rails.git / blobdiff