X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/8090e086daad67eac711ad6fd6a5eba6f28d44fd..f4b599e8fd3a6998618dcbb4a1aae60ed5bbf2e4:/app/controllers/notes_controller.rb

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index e470bdbea..db9638203 100644
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -3,8 +3,12 @@ class NotesController < ApplicationController
   layout 'site', :only => [:mine]
 
   before_filter :check_api_readable
-  before_filter :authorize_web, :only => [:create, :comment, :close, :destroy, :mine]
+  before_filter :authorize_web, :only => [:mine]
+  before_filter :setup_user_auth, :only => [:create, :comment]
+  before_filter :authorize, :only => [:close, :destroy]
+  before_filter :require_moderator, :only => [:destroy]
   before_filter :check_api_writable, :only => [:create, :comment, :close, :destroy]
+  before_filter :require_allow_write_notes, :only => [:create, :comment, :close, :destroy]
   before_filter :set_locale, :only => [:mine]
   after_filter :compress_output
   around_filter :api_call_handle_error, :api_call_timeout
@@ -52,7 +56,7 @@ class NotesController < ApplicationController
     # Check the arguments are sane
     raise OSM::APIBadUserInput.new("No lat was given") unless params[:lat]
     raise OSM::APIBadUserInput.new("No lon was given") unless params[:lon]
-    raise OSM::APIBadUserInput.new("No text was given") unless params[:text]
+    raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?
 
     # Extract the arguments
     lon = params[:lon].to_f