cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Check user instead of scope when getting note author info

Browse source 
Previously it was possible to create a note while authorized but having no write_notes scope. Currently it's not possible.
This commit is contained in:
Anton Khorev 2025-02-15 03:34:53 +03:00
parent f5af8befa9
commit 037bafcd1c
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/api/notes_controller.rb
View file

@ -387,7 +387,7 @@ module Api
##
# Get author's information (for logged in users - user_id, for logged out users - IP address)
def author_info
if scope_enabled?(:write_notes)
if current_user
{ :user_id => current_user.id }
else
{ :user_ip => request.remote_ip }