cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/pull/2105'

Browse source
This commit is contained in:
Tom Hughes 2019-01-09 17:14:53 +00:00
commit 1b292d2389
3 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/abilities/ability.rb
View file

@ -4,6 +4,7 @@ class Ability
include CanCan::Ability include CanCan::Ability
def initialize(user) def initialize(user)
can [:index, :feed, :read, :download, :query], Changeset
can :index, ChangesetComment can :index, ChangesetComment
can [:index, :permalink, :edit, :help, :fixthemap, :offline, :export, :about, :preview, :copyright, :key, :id], :site can [:index, :permalink, :edit, :help, :fixthemap, :offline, :export, :about, :preview, :copyright, :key, :id], :site
can [:index, :rss, :show, :comments], DiaryEntry can [:index, :rss, :show, :comments], DiaryEntry
@ -22,7 +23,8 @@ class Ability
can [:account, :go_public, :make_friend, :remove_friend, :api_details, :api_gpx_files], User can [:account, :go_public, :make_friend, :remove_friend, :api_details, :api_gpx_files], User
can [:read, :read_one, :update, :update_one, :delete_one], UserPreference can [:read, :read_one, :update, :update_one, :delete_one], UserPreference
if user.terms_agreed? || !REQUIRE_TERMS_AGREED # rubocop:disable Style/IfUnlessModifier if user.terms_agreed? || !REQUIRE_TERMS_AGREED
can [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox], Changeset
can :create, ChangesetComment can :create, ChangesetComment
end end

1
app/abilities/capability.rb
View file

@ -11,6 +11,7 @@ class Capability
can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs) can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
if token&.user&.terms_agreed? || !REQUIRE_TERMS_AGREED if token&.user&.terms_agreed? || !REQUIRE_TERMS_AGREED
can [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox], Changeset if capability?(token, :allow_write_api)
can :create, ChangesetComment if capability?(token, :allow_write_api) can :create, ChangesetComment if capability?(token, :allow_write_api)
end end

5
app/controllers/changesets_controller.rb
View file

@ -8,7 +8,10 @@ class ChangesetsController < ApplicationController
before_action :authorize_web, :only => [:index, :feed] before_action :authorize_web, :only => [:index, :feed]
before_action :set_locale, :only => [:index, :feed] before_action :set_locale, :only => [:index, :feed]
before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] before_action :authorize, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
before_action :require_allow_write_api, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] before_action :api_deny_access_handler, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox]
authorize_resource
before_action :require_public_data, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe] before_action :require_public_data, :only => [:create, :update, :upload, :close, :subscribe, :unsubscribe]
before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe] before_action :check_api_writable, :only => [:create, :update, :upload, :subscribe, :unsubscribe]
before_action :check_api_readable, :except => [:create, :update, :upload, :download, :query, :index, :feed, :subscribe, :unsubscribe] before_action :check_api_readable, :except => [:create, :update, :upload, :download, :query, :index, :feed, :subscribe, :unsubscribe]