Refactor users_controller to use CanCanCan for authorisation

2018-12-12 16:01:54 +01:00 · 2018-12-12 16:01:54 +01:00 · ca596106f5
commit ca596106f5
parent 981e4a34b5
5 changed files with 21 additions and 35 deletions
--- a/app/abilities/capability.rb
+++ b/app/abilities/capability.rb
@ -6,6 +6,8 @@ class Capability
  def initialize(token)
    can :create, ChangesetComment if capability?(token, :allow_write_api)
    can [:create, :comment, :close, :reopen], Note if capability?(token, :allow_write_notes)
+    can [:api_details], User if capability?(token, :allow_read_prefs)
+    can [:api_gpx_files], User if capability?(token, :allow_read_gpx)
    can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
    can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)