Simplify deny_access handling

[rails.git] / app / controllers / api / notes_controller.rb

diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb
index d4ebef5d4fb58e2b8e741c5f5dce1e2b3e481d88..20a24ce997bbe10a6aaf546d2f0131b91a4abb47 100644 (file)
--- a/app/controllers/api/notes_controller.rb
+++ b/app/controllers/api/notes_controller.rb
@@ -1,12 +1,10 @@
 module Api
-  class NotesController < ApplicationController
+  class NotesController < ApiController
     layout "site", :only => [:mine]
 
-    skip_before_action :verify_authenticity_token
     before_action :check_api_readable
     before_action :setup_user_auth, :only => [:create, :comment, :show]
     before_action :authorize, :only => [:close, :reopen, :destroy]
-    before_action :api_deny_access_handler
 
     authorize_resource
 
@@ -37,7 +35,7 @@ module Api
       bbox.check_boundaries
 
       # Check the the bounding box is not too big
-      bbox.check_size(MAX_NOTE_REQUEST_AREA)
+      bbox.check_size(Settings.max_note_request_area)
 
       # Find the notes we want to return
       @notes = notes.bbox(bbox).order("updated_at DESC").limit(result_limit).preload(:comments)
@@ -190,7 +188,7 @@ module Api
         bbox = BoundingBox.from_bbox_params(params)
 
         bbox.check_boundaries
-        bbox.check_size(MAX_NOTE_REQUEST_AREA)
+        bbox.check_size(Settings.max_note_request_area)
 
         notes = notes.bbox(bbox)
       end