X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/4b0d56f7e15d2929c973265e3b545e69273b8cb5..35a2d66e1960b00e5ed0cecbe4263cdeedb1ad62:/app/controllers/changeset_comments_controller.rb diff --git a/app/controllers/changeset_comments_controller.rb b/app/controllers/changeset_comments_controller.rb index 856b12f20..a3023af3e 100644 --- a/app/controllers/changeset_comments_controller.rb +++ b/app/controllers/changeset_comments_controller.rb @@ -1,11 +1,14 @@ class ChangesetCommentsController < ApplicationController + skip_before_action :verify_authenticity_token, :except => [:index] before_action :authorize_web, :only => [:index] before_action :set_locale, :only => [:index] - before_action :authorize, :only => [:create, :hide_comment, :unhide_comment] - before_action :require_moderator, :only => [:hide_comment, :unhide_comment] - before_action :require_allow_write_api, :only => [:create, :hide_comment, :unhide_comment] + before_action :authorize, :only => [:create, :destroy, :restore] + before_action :api_deny_access_handler, :only => [:create, :destroy, :restore] + + authorize_resource + before_action :require_public_data, :only => [:create] - before_action :check_api_writable, :only => [:create, :hide_comment, :unhide_comment] + before_action :check_api_writable, :only => [:create, :destroy, :restore] before_action :check_api_readable, :except => [:create, :index] before_action(:only => [:index]) { |c| c.check_database_readable(true) } around_action :api_call_handle_error, :except => [:index] @@ -46,7 +49,7 @@ class ChangesetCommentsController < ApplicationController ## # Sets visible flag on comment to false - def hide_comment + def destroy # Check the arguments are sane raise OSM::APIBadUserInput, "No id was given" unless params[:id] @@ -65,7 +68,7 @@ class ChangesetCommentsController < ApplicationController ## # Sets visible flag on comment to true - def unhide_comment + def restore # Check the arguments are sane raise OSM::APIBadUserInput, "No id was given" unless params[:id]