X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/d1aa084d2804137d2c1d4bf04f7fd5fe319d6772..030bb31ec1a4f3b20f82ed7e4395189ecb8f5345:/app/controllers/notes_controller.rb diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb index e470bdbea..e79be2e8d 100644 --- a/app/controllers/notes_controller.rb +++ b/app/controllers/notes_controller.rb @@ -3,8 +3,12 @@ class NotesController < ApplicationController layout 'site', :only => [:mine] before_filter :check_api_readable - before_filter :authorize_web, :only => [:create, :comment, :close, :destroy, :mine] + before_filter :authorize_web, :only => [:mine] + before_filter :setup_user_auth, :only => [:create, :comment] + before_filter :authorize, :only => [:close, :destroy] + before_filter :require_moderator, :only => [:destroy] before_filter :check_api_writable, :only => [:create, :comment, :close, :destroy] + before_filter :require_allow_write_notes, :only => [:create, :comment, :close, :destroy] before_filter :set_locale, :only => [:mine] after_filter :compress_output around_filter :api_call_handle_error, :api_call_timeout @@ -52,7 +56,7 @@ class NotesController < ApplicationController # Check the arguments are sane raise OSM::APIBadUserInput.new("No lat was given") unless params[:lat] raise OSM::APIBadUserInput.new("No lon was given") unless params[:lon] - raise OSM::APIBadUserInput.new("No text was given") unless params[:text] + raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank? # Extract the arguments lon = params[:lon].to_f @@ -191,6 +195,7 @@ class NotesController < ApplicationController # Extract the arguments id = params[:id].to_i + comment = params[:text] # Find the note and check it is valid note = Note.find(id) @@ -202,7 +207,7 @@ class NotesController < ApplicationController note.status = "hidden" note.save - add_comment(note, nil, "hidden") + add_comment(note, comment, "hidden") end # Render the result