cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use CanCanCan for nodes, ways, relations, old and api controllers

Browse source
This commit is contained in:
Andy Allan 2019-01-09 18:28:27 +01:00
parent fbbabeff1e
commit e7f943c715
7 changed files with 45 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

15
app/abilities/ability.rb
View file

@ -4,6 +4,7 @@ class Ability
include CanCan::Ability
def initialize(user)
can [:trackpoints, :map, :changes, :capabilities, :permissions], :api
can [:relation, :relation_history, :way, :way_history, :node, :node_history,
:changeset, :note, :new_note, :query], :browse
can [:index, :feed, :read, :download, :query], Changeset
@ -21,6 +22,12 @@ class Ability
can [:index, :show, :data, :georss, :picture, :icon], Trace
can [:terms, :api_users, :login, :logout, :new, :create, :save, :confirm, :confirm_resend, :confirm_email, :lost_password, :reset_password, :show, :api_read, :auth_success, :auth_failure], User
can [:index, :show, :blocks_on, :blocks_by], UserBlock
can [:read, :nodes], Node
can [:read, :full, :ways, :ways_for_node], Way
can [:read, :full, :relations, :relations_for_node, :relations_for_way, :relations_for_relation], Relation
can [:history, :version], OldNode
can [:history, :version], OldWay
can [:history, :version], OldRelation
if user
can :welcome, :site
@ -36,6 +43,9 @@ class Ability
if user.terms_agreed? || !REQUIRE_TERMS_AGREED
can [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox], Changeset
can :create, ChangesetComment
can [:create, :update, :delete], Node
can [:create, :update, :delete], Way
can [:create, :update, :delete], Relation
end
if user.moderator?
@ -45,6 +55,11 @@ class Ability
can :destroy, Note
can [:new, :create, :edit, :update, :destroy], Redaction
can [:new, :edit, :create, :update, :revoke], UserBlock
if user.terms_agreed? || !REQUIRE_TERMS_AGREED
can :redact, OldNode
can :redact, OldWay
can :redact, OldRelation
end
end
if user.administrator?

8
app/abilities/capability.rb
View file

@ -15,11 +15,19 @@ class Capability
if token&.user&.terms_agreed? || !REQUIRE_TERMS_AGREED
can [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox], Changeset if capability?(token, :allow_write_api)
can :create, ChangesetComment if capability?(token, :allow_write_api)
can [:create, :update, :delete], Node if capability?(token, :allow_write_api)
can [:create, :update, :delete], Way if capability?(token, :allow_write_api)
can [:create, :update, :delete], Relation if capability?(token, :allow_write_api)
end
if token&.user&.moderator?
can [:destroy, :restore], ChangesetComment if capability?(token, :allow_write_api)
can :destroy, Note if capability?(token, :allow_write_notes)
if token&.user&.terms_agreed? || !REQUIRE_TERMS_AGREED
can :redact, OldNode if capability?(token, :allow_write_api)
can :redact, OldWay if capability?(token, :allow_write_api)
can :redact, OldRelation if capability?(token, :allow_write_api)
end
end
end

4
app/controllers/api_controller.rb
View file

@ -1,5 +1,9 @@
class ApiController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :api_deny_access_handler
authorize_resource :class => false
before_action :check_api_readable, :except => [:capabilities]
before_action :setup_user_auth, :only => [:permissions]
around_action :api_call_handle_error, :api_call_timeout

5
app/controllers/nodes_controller.rb
View file

@ -5,7 +5,10 @@ class NodesController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :delete]
before_action :require_allow_write_api, :only => [:create, :update, :delete]
before_action :api_deny_access_handler
authorize_resource
before_action :require_public_data, :only => [:create, :update, :delete]
before_action :check_api_writable, :only => [:create, :update, :delete]
before_action :check_api_readable, :except => [:create, :update, :delete]

6
app/controllers/old_controller.rb
View file

@ -6,9 +6,11 @@ class OldController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :setup_user_auth, :only => [:history, :version]
before_action :api_deny_access_handler
before_action :authorize, :only => [:redact]
before_action :authorize_moderator, :only => [:redact]
before_action :require_allow_write_api, :only => [:redact]
authorize_resource
before_action :check_api_readable
before_action :check_api_writable, :only => [:redact]
around_action :api_call_handle_error, :api_call_timeout

7
app/controllers/relations_controller.rb
View file

@ -3,7 +3,10 @@ class RelationsController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :delete]
before_action :require_allow_write_api, :only => [:create, :update, :delete]
before_action :api_deny_access_handler
authorize_resource
before_action :require_public_data, :only => [:create, :update, :delete]
before_action :check_api_writable, :only => [:create, :update, :delete]
before_action :check_api_readable, :except => [:create, :update, :delete]
@ -148,6 +151,8 @@ class RelationsController < ApplicationController
relations_for_object("Relation")
end
private
def relations_for_object(objtype)
relationids = RelationMember.where(:member_type => objtype, :member_id => params[:id]).collect(&:relation_id).uniq

5
app/controllers/ways_controller.rb
View file

@ -3,7 +3,10 @@ class WaysController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :authorize, :only => [:create, :update, :delete]
before_action :require_allow_write_api, :only => [:create, :update, :delete]
before_action :api_deny_access_handler
authorize_resource
before_action :require_public_data, :only => [:create, :update, :delete]
before_action :check_api_writable, :only => [:create, :update, :delete]
before_action :check_api_readable, :except => [:create, :update, :delete]