Previously it was possible to create a note while authorized but having no 
write_notes scope. The scope check was added to fix #4362.

Currently it's not possible to create notes in this manner and there's 
a test for that:
https://github.com/openstreetmap/openstreetmap-website/blob/f5af8befa9ffe0c95f4a3c58d2fbb63a2e971ab0/test/controllers/api/notes_controller_test.rb#L233-L242

You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5674

-- Commit Summary --

  * Check user instead of scope when getting note author info

-- File Changes --

    M app/controllers/api/notes_controller.rb (2)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5674.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5674.diff

_______________________________________________
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev
