Add support for ACL blocks on note commenting

app/controllers/notes_controller.rb

@@ -53,6 +53,9 @@ class NotesController < ApplicationController
   ##
   # Create a new note
   def create
+    # Check the ACLs
+    raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip)
+
     # Check the arguments are sane
     raise OSM::APIBadUserInput.new("No lat was given") unless params[:lat]
     raise OSM::APIBadUserInput.new("No lon was given") unless params[:lon]
@@ -86,6 +89,9 @@ class NotesController < ApplicationController
   ##
   # Add a comment to an existing note
   def comment
+    # Check the ACLs
+    raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip)
+
     # Check the arguments are sane
     raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
     raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?

app/models/acl.rb

@@ -11,6 +11,10 @@ class Acl < ActiveRecord::Base
     self.match(address, domain).where(:k => "no_account_creation").exists?
   end
 
+  def self.no_note_comment(address, domain = nil)
+    self.match(address, domain).where(:k => "no_note_comment").exists?
+  end
+
   def self.no_trace_download(address, domain = nil)
     self.match(address, domain).where(:k => "no_trace_download").exists?
   end

lib/osm.rb

@@ -24,6 +24,17 @@ module OSM
     end
   end
 
+  # Raised when access is denied.
+  class APIAccessDenied < RuntimeError
+    def status
+      :forbidden
+    end
+
+    def to_s
+      "Access denied"
+    end
+  end
+
   # Raised when an API object is not found.
   class APINotFoundError < APIError
     def status