Use OAuth for notes API calls and require authentication to close

[rails.git] / app / controllers / notes_controller.rb

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index e470bdbea3dd0599c69e43ca110411a01fa27125..b25dc9a9ed777e18e0c2f5bc13cb2efec8320211 100644 (file)
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -3,7 +3,9 @@ class NotesController < ApplicationController
   layout 'site', :only => [:mine]
 
   before_filter :check_api_readable
-  before_filter :authorize_web, :only => [:create, :comment, :close, :destroy, :mine]
+  before_filter :authorize_web, :only => [:mine]
+  before_filter :setup_user_auth, :only => [:create, :comment]
+  before_filter :authorize, :only => [:close, :destroy]
   before_filter :check_api_writable, :only => [:create, :comment, :close, :destroy]
   before_filter :set_locale, :only => [:mine]
   after_filter :compress_output
@@ -52,7 +54,7 @@ class NotesController < ApplicationController
     # Check the arguments are sane
     raise OSM::APIBadUserInput.new("No lat was given") unless params[:lat]
     raise OSM::APIBadUserInput.new("No lon was given") unless params[:lon]
-    raise OSM::APIBadUserInput.new("No text was given") unless params[:text]
+    raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?
 
     # Extract the arguments
     lon = params[:lon].to_f