]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/old_ways_controller.rb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Don't show unredacted element versions to non-moderators
[rails.git] / app / controllers / old_ways_controller.rb
diff --git a/app/controllers/old_ways_controller.rb b/app/controllers/old_ways_controller.rb
index d18121e6fe8652994729e14aa5808b6ebd1358c8..dd3c3279fd41fa54928bbe13362da0e7468e2055 100644 (file)
--- a/app/controllers/old_ways_controller.rb
+++ b/app/controllers/old_ways_controller.rb
@@ -8,6 +8,7 @@ class OldWaysController < ApplicationController
 
   authorize_resource
 
+  before_action :require_moderator_for_unredacted_history
   around_action :web_timeout
 
   def show
@@ -16,4 +17,10 @@ class OldWaysController < ApplicationController
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
+
+  private
+
+  def require_moderator_for_unredacted_history
+    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
+  end
 end
The OpenStreetMap web site