X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/6ca22de4f2c68e4b14a6e2f0938a8657c33adc31..ad68d4c6341ef5e9a804c9605092e7269980bc7b:/app/controllers/changeset_comments_controller.rb

diff --git a/app/controllers/changeset_comments_controller.rb b/app/controllers/changeset_comments_controller.rb
index 6a563f9b2..a3023af3e 100644
--- a/app/controllers/changeset_comments_controller.rb
+++ b/app/controllers/changeset_comments_controller.rb
@@ -1,9 +1,12 @@
 class ChangesetCommentsController < ApplicationController
+  skip_before_action :verify_authenticity_token, :except => [:index]
   before_action :authorize_web, :only => [:index]
   before_action :set_locale, :only => [:index]
   before_action :authorize, :only => [:create, :destroy, :restore]
-  before_action :require_moderator, :only => [:destroy, :restore]
-  before_action :require_allow_write_api, :only => [:create, :destroy, :restore]
+  before_action :api_deny_access_handler, :only => [:create, :destroy, :restore]
+
+  authorize_resource
+
   before_action :require_public_data, :only => [:create]
   before_action :check_api_writable, :only => [:create, :destroy, :restore]
   before_action :check_api_readable, :except => [:create, :index]