Tom Hughes
efd2b92a80
Prevent unauthenticated users commenting on notes via the API
2023-11-23 16:56:07 +00:00
Richard Fairhurst
b7887b049f
Remove Geonames and geocoder.ca
2023-01-09 21:23:48 +00:00
Tom Hughes
9cb7a7b36b
Don't allow any abilities for inactive users
2022-12-23 16:37:33 +00:00
Andy Allan
da2277505f
Ensure that test utility methods are marked as private
...
This allows us to enable the check for test method names.
2020-10-28 11:49:01 +01:00
Andy Allan
41d6f19a6b
Rename the notes#mine action to index
2020-07-08 18:43:30 +02:00
Andy Allan
25ebf87e5a
Rename UserPreference controller methods to follow rails conventions more closely
2019-11-20 16:09:48 +01:00
Andy Allan
2142ff02c2
Allow moderators to hide diary entries and comments
2019-05-15 13:40:15 +02:00
Andy Allan
7b057545c0
Disentangle the api abilities from the web abilities
...
This will allow us to rename api actions without causing permissions headaches. The choice of
abilities files is made by inheriting from either api_controller or application_controller.
Also rename capabilities to api_capabilites, for consistency.
2019-03-27 18:07:29 +01:00
Andy Allan
a3a10237f7
Use CanCanCan for user_roles auth
2018-11-28 21:39:26 +01:00
Andy Allan
ea766ec57d
Use CanCanCan for notes authorization
2018-11-28 15:59:47 +01:00
Andy Allan
8f70fb2114
Use CanCanCan for changeset comments
...
This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.
2018-11-28 12:35:45 +01:00
Tom Hughes
8c269aba4e
Move abilities to a sepatarate top level directory
2018-11-03 12:56:50 +00:00
