From cbc4c5352d66739e8d9cb89c1888fe0687d80c09 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Wed, 5 Dec 2018 12:54:55 +0000
Subject: [PATCH] Only check IP addresses for anonymous note comments

---
 app/controllers/notes_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 62fd9d078..036238db1 100644
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -55,7 +55,7 @@ class NotesController < ApplicationController
   # Create a new note
   def create
     # Check the ACLs
-    raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip)
+    raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip)
 
     # Check the arguments are sane
     raise OSM::APIBadUserInput, "No lat was given" unless params[:lat]
@@ -91,7 +91,7 @@ class NotesController < ApplicationController
   # Add a comment to an existing note
   def comment
     # Check the ACLs
-    raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip)
+    raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip)
 
     # Check the arguments are sane
     raise OSM::APIBadUserInput, "No id was given" unless params[:id]
-- 
2.43.2