Fix security policy for mapillary in iD

[rails.git] / app / controllers / changeset_controller.rb

diff --git a/app/controllers/changeset_controller.rb b/app/controllers/changeset_controller.rb
index 531ec17eebbec7303b4a20c572be79b213f06420..898afae4a30de945a7d5e338c0b4c93b8c8643b1 100644 (file)
--- a/app/controllers/changeset_controller.rb
+++ b/app/controllers/changeset_controller.rb
@@ -28,7 +28,7 @@ class ChangesetController < ApplicationController
     cs = Changeset.from_xml(request.raw_post, true)
 
     # Assume that Changeset.from_xml has thrown an exception if there is an error parsing the xml
-    cs.user_id = current_user.id
+    cs.user = current_user
     cs.save_with_tags!
 
     # Subscribe user to changeset comments
@@ -496,7 +496,7 @@ class ChangesetController < ApplicationController
         # changesets if they're non-public
         setup_user_auth
 
-        raise OSM::APINotFoundError if current_user.nil? || current_user.id != u.id
+        raise OSM::APINotFoundError if current_user.nil? || current_user != u
       end
 
       changesets.where(:user_id => u.id)
@@ -516,13 +516,13 @@ class ChangesetController < ApplicationController
       times = time.split(/,/)
       raise OSM::APIBadUserInput, "bad time range" if times.size != 2
 
-      from, to = times.collect { |t| DateTime.parse(t) }
+      from, to = times.collect { |t| Time.parse(t) }
       return changesets.where("closed_at >= ? and created_at <= ?", from, to)
     else
       # if there is no comma, assume its a lower limit on time
-      return changesets.where("closed_at >= ?", DateTime.parse(time))
+      return changesets.where("closed_at >= ?", Time.parse(time))
     end
-    # stupid DateTime seems to throw both of these for bad parsing, so
+    # stupid Time seems to throw both of these for bad parsing, so
     # we have to catch both and ensure the correct code path is taken.
   rescue ArgumentError => ex
     raise OSM::APIBadUserInput, ex.message.to_s