X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/c78853a97e6bcc7c742602867deb70e8da39523e..a3eb48385bcf1465339d473c0c1657e075cd507d:/app/controllers/notes_controller.rb

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 76c97ba5b..acd88be04 100644
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -53,6 +53,9 @@ class NotesController < ApplicationController
   ##
   # Create a new note
   def create
+    # Check the ACLs
+    raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip)
+
     # Check the arguments are sane
     raise OSM::APIBadUserInput.new("No lat was given") unless params[:lat]
     raise OSM::APIBadUserInput.new("No lon was given") unless params[:lon]
@@ -86,6 +89,9 @@ class NotesController < ApplicationController
   ##
   # Add a comment to an existing note
   def comment
+    # Check the ACLs
+    raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip)
+
     # Check the arguments are sane
     raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
     raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?