]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/old_nodes_controller.rb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Don't show unredacted element versions to non-moderators
[rails.git] / app / controllers / old_nodes_controller.rb
diff --git a/app/controllers/old_nodes_controller.rb b/app/controllers/old_nodes_controller.rb
index a5b9cf563c5b063cd5d997749a793ce612b48489..9ef2ef881671550281858e5d8d967760646eb456 100644 (file)
--- a/app/controllers/old_nodes_controller.rb
+++ b/app/controllers/old_nodes_controller.rb
@@ -8,6 +8,7 @@ class OldNodesController < ApplicationController
 
   authorize_resource
 
+  before_action :require_moderator_for_unredacted_history
   around_action :web_timeout
 
   def show
@@ -16,4 +17,10 @@ class OldNodesController < ApplicationController
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
+
+  private
+
+  def require_moderator_for_unredacted_history
+    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
+  end
 end
The OpenStreetMap web site