X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/3ec67ea2d395f9ae78f806f8e583e10d691861de..2d4c548a9e9a73e74b3afd3779d69d82a57b1ecc:/app/controllers/notes_controller.rb?ds=inline diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb index fc7a9e3c7..036238db1 100644 --- a/app/controllers/notes_controller.rb +++ b/app/controllers/notes_controller.rb @@ -6,9 +6,11 @@ class NotesController < ApplicationController before_action :authorize_web, :only => [:mine] before_action :setup_user_auth, :only => [:create, :comment, :show] before_action :authorize, :only => [:close, :reopen, :destroy] - before_action :require_moderator, :only => [:destroy] + before_action :api_deny_access_handler, :except => [:mine] + + authorize_resource + before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy] - before_action :require_allow_write_notes, :only => [:create, :comment, :close, :reopen, :destroy] before_action :set_locale around_action :api_call_handle_error, :api_call_timeout @@ -53,7 +55,7 @@ class NotesController < ApplicationController # Create a new note def create # Check the ACLs - raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip) + raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip) # Check the arguments are sane raise OSM::APIBadUserInput, "No lat was given" unless params[:lat] @@ -89,7 +91,7 @@ class NotesController < ApplicationController # Add a comment to an existing note def comment # Check the ACLs - raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip) + raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip) # Check the arguments are sane raise OSM::APIBadUserInput, "No id was given" unless params[:id] @@ -255,12 +257,47 @@ class NotesController < ApplicationController ## # Return a list of notes matching a given string def search - # Check the arguments are sane - raise OSM::APIBadUserInput, "No query string was given" unless params[:q] - - # Get any conditions that need to be applied + # Get the initial set of notes @notes = closed_condition(Note.all) - @notes = @notes.joins(:comments).where("to_tsvector('english', note_comments.body) @@ plainto_tsquery('english', ?)", params[:q]) + + # Add any user filter + if params[:display_name] || params[:user] + if params[:display_name] + @user = User.find_by(:display_name => params[:display_name]) + + raise OSM::APIBadUserInput, "User #{params[:display_name]} not known" unless @user + else + @user = User.find_by(:id => params[:user]) + + raise OSM::APIBadUserInput, "User #{params[:user]} not known" unless @user + end + + @notes = @notes.joins(:comments).where(:note_comments => { :author_id => @user }) + end + + # Add any text filter + @notes = @notes.joins(:comments).where("to_tsvector('english', note_comments.body) @@ plainto_tsquery('english', ?)", params[:q]) if params[:q] + + # Add any date filter + if params[:from] + begin + from = Time.parse(params[:from]) + rescue ArgumentError + raise OSM::APIBadUserInput, "Date #{params[:from]} is in a wrong format" + end + + begin + to = if params[:to] + Time.parse(params[:to]) + else + Time.now + end + rescue ArgumentError + raise OSM::APIBadUserInput, "Date #{params[:to]} is in a wrong format" + end + + @notes = @notes.where(:created_at => from..to) + end # Find the notes we want to return @notes = @notes.order("updated_at DESC").limit(result_limit).preload(:comments) @@ -352,7 +389,7 @@ class NotesController < ApplicationController comment = note.comments.create!(attributes) note.comments.map(&:author).uniq.each do |user| - Notifier.note_comment_notification(comment, user).deliver_now if notify && user && user != current_user && user.visible? + Notifier.note_comment_notification(comment, user).deliver_later if notify && user && user != current_user && user.visible? end end end