From 098c2675ba07c12cc6c26b98aeed62d1c68e96fa Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Tue, 3 Jun 2014 20:59:25 +0100
Subject: [PATCH] Add support for ACL blocks on note commenting
---
 app/controllers/notes_controller.rb | 6 ++++++
 app/models/acl.rb | 4 ++++
 lib/osm.rb | 11 +++++++++++
 3 files changed, 21 insertions(+)
diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 76c97ba5b..acd88be04 100644
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -53,6 +53,9 @@ class NotesController < ApplicationController
 ##
 # Create a new note
 def create
+ # Check the ACLs
+ raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip)
+
 # Check the arguments are sane
 raise OSM::APIBadUserInput.new("No lat was given") unless params[:lat]
 raise OSM::APIBadUserInput.new("No lon was given") unless params[:lon]
@@ -86,6 +89,9 @@ class NotesController < ApplicationController
 ##
 # Add a comment to an existing note
 def comment
+ # Check the ACLs
+ raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip)
+
 # Check the arguments are sane
 raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
 raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?
diff --git a/app/models/acl.rb b/app/models/acl.rb
index 2db7fb765..e2f163ea5 100644
--- a/app/models/acl.rb
+++ b/app/models/acl.rb
@@ -11,6 +11,10 @@ class Acl < ActiveRecord::Base
 self.match(address, domain).where(:k => "no_account_creation").exists?
 end
+ def self.no_note_comment(address, domain = nil)
+ self.match(address, domain).where(:k => "no_note_comment").exists?
+ end
+
 def self.no_trace_download(address, domain = nil)
 self.match(address, domain).where(:k => "no_trace_download").exists?
 end
diff --git a/lib/osm.rb b/lib/osm.rb
index 9e8198299..daef8d3f0 100644
--- a/lib/osm.rb
+++ b/lib/osm.rb
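Review bot: The guard added at the top of `create` in notes_controller.rb (and the identical one in `comment`, in the next hunk) matches only on `request.remote_ip`, so the block is only as dependable as the deployment's trusted-proxy configuration, and the `domain` argument of `Acl.no_note_comment` is never supplied. A comment at the check would make that assumption explicit, e.g. `# ACL match is by client address only; request.remote_ip must come from trusted proxies`. The key `no_note_comment` also gates note creation here, which its name does not suggest, so that is worth stating on the model method. Any other note-mutating actions in this controller lie outside these hunks; if they accept comment text they presumably need the same check. Both method bodies continue past the hunks.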
@@ -24,6 +24,17 @@ module OSM
 end
 end
+ # Raised when access is denied.
+ class APIAccessDenied < RuntimeError
+ def status
+ :forbidden
+ end
+
+ def to_s
+ "Access denied"
+ end
+ end
+
 # Raised when an API object is not found.
 class APINotFoundError < APIError
 def status
--
2.43.2
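Review bot: `APIAccessDenied` is declared as a subclass of `RuntimeError`, whereas the neighbouring `APINotFoundError` in this same hunk derives from `APIError`. If the API error handling rescues `OSM::APIError` (the handler is not visible here), the new exception would bypass it and its `:forbidden` status would never be used, so a blocked client would likely get a server error instead of a 403. That also makes ACL denials harder to distinguish from real faults in logs and monitoring. Suggest `class APIAccessDenied < APIError` so the denial is rendered through the same path as the other API errors.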