X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/be0e33862fedbf02e52a9e126cac31dfb5775b43..aab9473f69da4186f5f3c9039c240901e5d3db2f:/app/controllers/api/notes_controller.rb

diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb
index d4ebef5d4..fc9167eb3 100644
--- a/app/controllers/api/notes_controller.rb
+++ b/app/controllers/api/notes_controller.rb
@@ -1,12 +1,10 @@
 module Api
-  class NotesController < ApplicationController
+  class NotesController < ApiController
     layout "site", :only => [:mine]
 
-    skip_before_action :verify_authenticity_token
     before_action :check_api_readable
     before_action :setup_user_auth, :only => [:create, :comment, :show]
-    before_action :authorize, :only => [:close, :reopen, :destroy]
-    before_action :api_deny_access_handler
+    before_action :authorize, :only => [:close, :reopen, :destroy, :comment]
 
     authorize_resource
 
@@ -37,7 +35,7 @@ module Api
       bbox.check_boundaries
 
       # Check the the bounding box is not too big
-      bbox.check_size(MAX_NOTE_REQUEST_AREA)
+      bbox.check_size(Settings.max_note_request_area)
 
       # Find the notes we want to return
       @notes = notes.bbox(bbox).order("updated_at DESC").limit(result_limit).preload(:comments)
@@ -190,7 +188,7 @@ module Api
         bbox = BoundingBox.from_bbox_params(params)
 
         bbox.check_boundaries
-        bbox.check_size(MAX_NOTE_REQUEST_AREA)
+        bbox.check_size(Settings.max_note_request_area)
 
         notes = notes.bbox(bbox)
       end