Use OAuth for notes API calls and require authentication to close

[rails.git] / app / controllers / notes_controller.rb

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 1f5b990cc818cd2cc9c008da0dceaed88bb4f87f..b25dc9a9ed777e18e0c2f5bc13cb2efec8320211 100644 (file)
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -3,7 +3,9 @@ class NotesController < ApplicationController
   layout 'site', :only => [:mine]
 
   before_filter :check_api_readable
-  before_filter :authorize_web, :only => [:create, :comment, :close, :destroy, :mine]
+  before_filter :authorize_web, :only => [:mine]
+  before_filter :setup_user_auth, :only => [:create, :comment]
+  before_filter :authorize, :only => [:close, :destroy]
   before_filter :check_api_writable, :only => [:create, :comment, :close, :destroy]
   before_filter :set_locale, :only => [:mine]
   after_filter :compress_output
@@ -52,7 +54,7 @@ class NotesController < ApplicationController
     # Check the arguments are sane
     raise OSM::APIBadUserInput.new("No lat was given") unless params[:lat]
     raise OSM::APIBadUserInput.new("No lon was given") unless params[:lon]
-    raise OSM::APIBadUserInput.new("No text was given") unless params[:text]
+    raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?
 
     # Extract the arguments
     lon = params[:lon].to_f
@@ -84,7 +86,7 @@ class NotesController < ApplicationController
   def comment
     # Check the arguments are sane
     raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
-    raise OSM::APIBadUserInput.new("No text was given") unless params[:text]
+    raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?
 
     # Extract the arguments
     id = params[:id].to_i
@@ -93,7 +95,8 @@ class NotesController < ApplicationController
     # Find the note and check it is valid
     @note = Note.find(id)
     raise OSM::APINotFoundError unless @note
-    raise OSM::APIAlreadyDeletedError unless @note.visible?
+    raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
+    raise OSM::APINoteAlreadyClosedError.new(@note) if @note.closed?
 
     # Add a comment to the note
     Note.transaction do
@@ -120,7 +123,8 @@ class NotesController < ApplicationController
     # Find the note and check it is valid
     @note = Note.find_by_id(id)
     raise OSM::APINotFoundError unless @note
-    raise OSM::APIAlreadyDeletedError unless @note.visible?
+    raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
+    raise OSM::APINoteAlreadyClosedError.new(@note) if @note.closed?
 
     # Close the note and add a comment
     Note.transaction do
@@ -170,8 +174,8 @@ class NotesController < ApplicationController
     # Find the note and check it is valid
     @note = Note.find(params[:id])
     raise OSM::APINotFoundError unless @note
-    raise OSM::APIAlreadyDeletedError unless @note.visible?
-    
+    raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
+
     # Render the result
     respond_to do |format|
       format.xml
@@ -193,7 +197,7 @@ class NotesController < ApplicationController
     # Find the note and check it is valid
     note = Note.find(id)
     raise OSM::APINotFoundError unless note
-    raise OSM::APIAlreadyDeletedError unless note.visible?
+    raise OSM::APIAlreadyDeletedError.new("note", note.id) unless note.visible?
 
     # Mark the note as hidden
     Note.transaction do