cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Require terms agreement for abilities and capabilities related to api write methods

Browse source
This commit is contained in:
Andy Allan 2019-01-02 17:40:43 +01:00
parent 4b0fed0aa4
commit c7a7d29813
3 changed files with 77 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/abilities/capability.rb
View file

@ -4,13 +4,16 @@ class Capability
include CanCan::Ability
def initialize(token)
can :create, ChangesetComment if capability?(token, :allow_write_api)
can [:create, :comment, :close, :reopen], Note if capability?(token, :allow_write_notes)
can [:api_details], User if capability?(token, :allow_read_prefs)
can [:api_gpx_files], User if capability?(token, :allow_read_gpx)
can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
if token&.user&.terms_agreed? || !REQUIRE_TERMS_AGREED
can :create, ChangesetComment if capability?(token, :allow_write_api)
end
if token&.user&.moderator?
can [:destroy, :restore], ChangesetComment if capability?(token, :allow_write_api)
can :destroy, Note if capability?(token, :allow_write_notes)