]> git.openstreetmap.org Git - rails.git/commitdiff
projects / rails.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d50a079)
do not allow anonymous users to comment on notes
authorFrederik Ramm <frederik@remote.org>
Tue, 17 Jul 2018 10:41:49 +0000 (12:41 +0200)
committerFrederik Ramm <frederik@remote.org>
Tue, 17 Jul 2018 10:41:49 +0000 (12:41 +0200)
app/controllers/notes_controller.rb patch | blob | history
app/views/browse/note.html.erb patch | blob | history

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 853072b7bbc2134758526a32325e4e2136ce1b09..0f0e30f20265589eaea004391136d86bce9dfaa1 100644 (file)
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -5,7 +5,7 @@ class NotesController < ApplicationController
   before_action :check_api_readable
   before_action :authorize_web, :only => [:mine]
   before_action :setup_user_auth, :only => [:create, :comment]
-  before_action :authorize, :only => [:close, :reopen, :destroy]
+  before_action :authorize, :only => [:close, :reopen, :destroy, :comment]
   before_action :require_moderator, :only => [:destroy]
   before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
   before_action :require_allow_write_notes, :only => [:create, :comment, :close, :reopen, :destroy]
diff --git a/app/views/browse/note.html.erb b/app/views/browse/note.html.erb
index 53ea0759e9f79866bbbfc97dfe416e0b0a1d0e8d..3032d940633c6917501278194935af878329010e 100644 (file)
--- a/app/views/browse/note.html.erb
+++ b/app/views/browse/note.html.erb
@@ -41,18 +41,18 @@
   <% end %>
 
   <% if @note.status == "open" %>
-    <form action="#">
-      <textarea class="comment" name="text" cols="40" rows="5"></textarea>
-      <div class="buttons clearfix">
-        <% if current_user and current_user.moderator? -%>
+    <% if current_user -%>
+      <form action="#">
+        <textarea class="comment" name="text" cols="40" rows="5"></textarea>
+        <div class="buttons clearfix">
+        <% if current_user.moderator? -%>
           <input type="submit" name="hide" value="<%= t('javascripts.notes.show.hide') %>" class="deemphasize" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, 'json') %>">
         <% end -%>
-        <% if current_user -%>
-          <input type="submit" name="close" value="<%= t('javascripts.notes.show.resolve') %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= close_note_url(@note, 'json') %>">
-        <% end -%>
+        <input type="submit" name="close" value="<%= t('javascripts.notes.show.resolve') %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= close_note_url(@note, 'json') %>">
         <input type="submit" name="comment" value="<%= t('javascripts.notes.show.comment') %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= comment_note_url(@note, 'json') %>" disabled="1">
       </div>
     </form>
+    <% end -%>
   <% else %>
     <form action="#">
       <input type="hidden" name="text" value="">
The OpenStreetMap web site