X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/eed9de548363fc705af1bab13c8d5a06cdd62a11..030bb31ec1a4f3b20f82ed7e4395189ecb8f5345:/app/controllers/notes_controller.rb

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 8a0029655..e79be2e8d 100644
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -3,8 +3,12 @@ class NotesController < ApplicationController
   layout 'site', :only => [:mine]
 
   before_filter :check_api_readable
-  before_filter :authorize_web, :only => [:create, :comment, :close, :destroy, :mine]
+  before_filter :authorize_web, :only => [:mine]
+  before_filter :setup_user_auth, :only => [:create, :comment]
+  before_filter :authorize, :only => [:close, :destroy]
+  before_filter :require_moderator, :only => [:destroy]
   before_filter :check_api_writable, :only => [:create, :comment, :close, :destroy]
+  before_filter :require_allow_write_notes, :only => [:create, :comment, :close, :destroy]
   before_filter :set_locale, :only => [:mine]
   after_filter :compress_output
   around_filter :api_call_handle_error, :api_call_timeout
@@ -191,6 +195,7 @@ class NotesController < ApplicationController
 
     # Extract the arguments
     id = params[:id].to_i
+    comment = params[:text]
 
     # Find the note and check it is valid
     note = Note.find(id)
@@ -202,7 +207,7 @@ class NotesController < ApplicationController
       note.status = "hidden"
       note.save
 
-      add_comment(note, nil, "hidden")
+      add_comment(note, comment, "hidden")
     end
 
     # Render the result