cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openstreetmap-website/app/abilities/api_ability.rb
Anton Khorev 77a2657d33 Pass scopes instead of token to ApiAbility
2025-02-14 00:15:52 +03:00

76 lines
2.8 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
class ApiAbility
include CanCan::Ability
def initialize(user, scopes)
can :read, [:version, :capability, :permission, :map]
if Settings.status != "database_offline"
can [:read, :feed, :search], Note
can :create, Note unless user
can [:read, :download], Changeset
can :read, Tracepoint
can :read, User
can :read, [Node, Way, Relation, OldNode, OldWay, OldRelation]
can :read, UserBlock
if user&.active?
can [:create, :comment, :close, :reopen], Note if scopes.include?("write_notes")
can [:create, :destroy], NoteSubscription if scopes.include?("write_notes")
can :read, Trace if scopes.include?("read_gpx")
can [:create, :update, :destroy], Trace if scopes.include?("write_gpx")
can :details, User if scopes.include?("read_prefs")
can :read, UserPreference if scopes.include?("read_prefs")
can [:update, :update_all, :destroy], UserPreference if scopes.include?("write_prefs")
can [:read, :update, :destroy], Message if scopes.include?("consume_messages")
can :create, Message if scopes.include?("send_messages")
if user.terms_agreed?
can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scopes.include?("write_api")
can :create, ChangesetComment if scopes.include?("write_api")
can [:create, :update, :destroy], [Node, Way, Relation] if scopes.include?("write_api")
end
if user.moderator?
can [:destroy, :restore], ChangesetComment if scopes.include?("write_api")
can :destroy, Note if scopes.include?("write_notes")
can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && scopes.include?("write_redactions")
end
end
end
# Define abilities for the passed in user here. For example:
#
# user ||= User.new # guest user (not logged in)
# if user.admin?
# can :manage, :all
# else
# can :read, :all
# end
#
# The first argument to `can` is the action you are giving the user
# permission to do.
# If you pass :manage it will apply to every action. Other common actions
# here are :read, :create, :update and :destroy.
#
# The second argument is the resource the user can perform the action on.
# If you pass :all it will apply to every resource. Otherwise pass a Ruby
# class of the resource.
#
# The third argument is an optional hash of conditions to further filter the
# objects.
# For example, here the user can only update published articles.
#
# can :update, Article, :published => true
#
# See the wiki for details:
# https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
end
end
Reference in a new issue View git blame Copy permalink