Use CanCanCan for changeset comments

This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.
Andy Allan 2018-11-14 15:45:30 +01:00
parent b29c173ac7
commit 8f70fb2114
6 changed files with 89 additions and 3 deletions


@ -3,8 +3,10 @@ class ChangesetCommentsController < ApplicationController
before_action :authorize_web, :only => [:index]
before_action :set_locale, :only => [:index]
before_action :authorize, :only => [:create, :destroy, :restore]
before_action :require_moderator, :only => [:destroy, :restore]
before_action :require_allow_write_api, :only => [:create, :destroy, :restore]
before_action :api_deny_access_handler, :only => [:create, :destroy, :restore]
authorize_resource
before_action :require_public_data, :only => [:create]
before_action :check_api_writable, :only => [:create, :destroy, :restore]
before_action :check_api_readable, :except => [:create, :index]
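Review bot: The `api_deny_access_handler` filter appears to matter only if it runs before `authorize_resource`, and nothing on these lines records that ordering. Going by the commit description, a later reshuffle of the filter list could let a denied API call fall back to the web handler and answer with a redirect. I would add a comment above it such as `# Keep above authorize_resource: selects the API deny_access handler so denials return an error status, not a redirect`. The rendered page has lost its +/- markers, so it is not clear from here whether `require_moderator` is still in the chain. If it was removed, the moderator-only rule for `destroy` and `restore` rests entirely on ability definitions outside this hunk, and a test that a logged-in non-moderator is refused on both actions would pin it down.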