X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/043d29fd7eb72048cf5d07edfbc20ec5c25af708..eb89a462d4532cf6c6e2d2ae6370548adca1977a:/app/controllers/notes_controller.rb diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb index fde27e8b2..20894c4e8 100644 --- a/app/controllers/notes_controller.rb +++ b/app/controllers/notes_controller.rb @@ -1,6 +1,7 @@ class NotesController < ApplicationController layout "site", :only => [:mine] + skip_before_action :verify_authenticity_token, :except => [:mine] before_action :check_api_readable before_action :authorize_web, :only => [:mine] before_action :setup_user_auth, :only => [:create, :comment] @@ -278,6 +279,7 @@ class NotesController < ApplicationController def mine if params[:display_name] if @this_user = User.active.find_by(:display_name => params[:display_name]) + @params = params.permit(:display_name) @title = t "note.mine.title", :user => @this_user.display_name @heading = t "note.mine.heading", :user => @this_user.display_name @description = t "note.mine.subheading", :user => render_to_string(:partial => "user", :object => @this_user) @@ -285,7 +287,7 @@ class NotesController < ApplicationController @page_size = 10 @notes = @this_user.notes @notes = @notes.visible unless @user && @user.moderator? - @notes = @notes.order("updated_at DESC, id").uniq.offset((@page - 1) * @page_size).limit(@page_size).preload(:comments => :author).to_a + @notes = @notes.order("updated_at DESC, id").distinct.offset((@page - 1) * @page_size).limit(@page_size).preload(:comments => :author).to_a else @title = t "user.no_such_user.title" @not_found_user = params[:display_name] @@ -345,7 +347,7 @@ class NotesController < ApplicationController attributes[:author_ip] = request.remote_ip end - comment = note.comments.create(attributes) + comment = note.comments.create!(attributes) note.comments.map(&:author).uniq.each do |user| if notify && user && user != @user && user.visible?