X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/39c5d8caa71b29d70bb136d6e0a560426e089112..947a41edee95df9e75cce0452277e2a00a8b5fa5:/app/controllers/old_controller.rb

diff --git a/app/controllers/old_controller.rb b/app/controllers/old_controller.rb
index 3815f5ae0..74fe0883b 100644
--- a/app/controllers/old_controller.rb
+++ b/app/controllers/old_controller.rb
@@ -6,9 +6,11 @@ class OldController < ApplicationController
 
   skip_before_action :verify_authenticity_token
   before_action :setup_user_auth, :only => [:history, :version]
+  before_action :api_deny_access_handler
   before_action :authorize, :only => [:redact]
-  before_action :authorize_moderator, :only => [:redact]
-  before_action :require_allow_write_api, :only => [:redact]
+
+  authorize_resource
+
   before_action :check_api_readable
   before_action :check_api_writable, :only => [:redact]
   around_action :api_call_handle_error, :api_call_timeout
@@ -19,7 +21,7 @@ class OldController < ApplicationController
     # the .where() method used in the lookup_old_element_versions
     # call won't throw an error if no records are found, so we have
     # to do that ourselves.
-    raise OSM::APINotFoundError.new if @elements.empty?
+    raise OSM::APINotFoundError if @elements.empty?
 
     doc = OSM::API.new.get_xml_doc
 
@@ -70,6 +72,6 @@ class OldController < ApplicationController
   private
 
   def show_redactions?
-    current_user && current_user.moderator? && params[:show_redactions] == "true"
+    current_user&.moderator? && params[:show_redactions] == "true"
   end
 end