From: Tom Hughes <tom@compton.nu>
Date: Thu, 28 Mar 2013 00:34:23 +0000 (+0000)
Subject: Use OAuth for notes API calls and require authentication to close
X-Git-Tag: live~5052^2~14
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/38255f9f8d7363b51350338fdda5753647aca1af

Use OAuth for notes API calls and require authentication to close
---

diff --git a/app/assets/javascripts/index/notes.js.erb b/app/assets/javascripts/index/notes.js.erb
index a623a51a2..e67749f07 100644
--- a/app/assets/javascripts/index/notes.js.erb
+++ b/app/assets/javascripts/index/notes.js.erb
@@ -171,6 +171,7 @@ $(document).ready(function () {
     $.ajax({
       url: url,
       type: "POST",
+      oauth: true,
       data: {
         lat: location.lat,
         lon: location.lng,
@@ -191,6 +192,7 @@ $(document).ready(function () {
     $.ajax({
       url: url,
       type: "POST",
+      oauth: true,
       data: {
         text: $(form.text).val()
       },
diff --git a/app/assets/javascripts/templates/notes/show.jst.ejs b/app/assets/javascripts/templates/notes/show.jst.ejs
index aa98220f4..7063090df 100644
--- a/app/assets/javascripts/templates/notes/show.jst.ejs
+++ b/app/assets/javascripts/templates/notes/show.jst.ejs
@@ -25,7 +25,7 @@
     <textarea class="comment" name="text" cols="40" rows="5"></textarea>
     <br/>
     <div class="buttons">
-      <input type="submit" name="close" value="<%- I18n.t('javascripts.notes.show.resolve') %>" data-url="<%- note.close_url %>">
+      <input type="submit" name="close" value="<%- I18n.t('javascripts.notes.show.resolve') %>" class="hide_unless_logged_in" data-url="<%- note.close_url %>">
       <input type="submit" name="comment" value="<%- I18n.t('javascripts.notes.show.comment') %>" data-url="<%- note.comment_url %>" disabled="1">
     </div>
   </form>
diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 8a0029655..b25dc9a9e 100644
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -3,7 +3,9 @@ class NotesController < ApplicationController
   layout 'site', :only => [:mine]
 
   before_filter :check_api_readable
-  before_filter :authorize_web, :only => [:create, :comment, :close, :destroy, :mine]
+  before_filter :authorize_web, :only => [:mine]
+  before_filter :setup_user_auth, :only => [:create, :comment]
+  before_filter :authorize, :only => [:close, :destroy]
   before_filter :check_api_writable, :only => [:create, :comment, :close, :destroy]
   before_filter :set_locale, :only => [:mine]
   after_filter :compress_output
diff --git a/app/views/site/index.html.erb b/app/views/site/index.html.erb
index aa1197a5e..3efdd9289 100644
--- a/app/views/site/index.html.erb
+++ b/app/views/site/index.html.erb
@@ -46,3 +46,4 @@
     </tr>
   </table>
 </div>
+