Simplify deny_access handling

[rails.git] / app / controllers / api / changeset_comments_controller.rb

diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb
index 6093f529e6039e92b10b3b330e785de4de4baba7..21c854139c9bf9d684183461650be60af8c9ee12 100644 (file)
--- a/app/controllers/api/changeset_comments_controller.rb
+++ b/app/controllers/api/changeset_comments_controller.rb
@@ -1,8 +1,6 @@
 module Api
-  class ChangesetCommentsController < ApplicationController
-    skip_before_action :verify_authenticity_token
+  class ChangesetCommentsController < ApiController
     before_action :authorize
-    before_action :api_deny_access_handler
 
     authorize_resource
 
@@ -41,7 +39,8 @@ module Api
       changeset.subscribers << current_user unless changeset.subscribers.exists?(current_user.id)
 
       # Return a copy of the updated changeset
-      render :xml => changeset.to_xml.to_s
+      @changeset = changeset
+      render "api/changesets/changeset"
     end
 
     ##
@@ -60,7 +59,8 @@ module Api
       comment.update(:visible => false)
 
       # Return a copy of the updated changeset
-      render :xml => comment.changeset.to_xml.to_s
+      @changeset = comment.changeset
+      render "api/changesets/changeset"
     end
 
     ##
@@ -79,7 +79,8 @@ module Api
       comment.update(:visible => true)
 
       # Return a copy of the updated changeset
-      render :xml => comment.changeset.to_xml.to_s
+      @changeset = comment.changeset
+      render "api/changesets/changeset"
     end
   end
 end