]> git.openstreetmap.org Git - rails.git/blob - app/abilities/capability.rb
Use CanCanCan for notes authorization
[rails.git] / app / abilities / capability.rb
1 # frozen_string_literal: true
2
3 class Capability
4   include CanCan::Ability
5
6   def initialize(token)
7     can :create, ChangesetComment if capability?(token, :allow_write_api)
8     can [:create, :comment, :close, :reopen], Note if capability?(token, :allow_write_notes)
9     can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
10     can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
11
12     if token&.user&.moderator?
13       can [:destroy, :restore], ChangesetComment if capability?(token, :allow_write_api)
14       can :destroy, Note if capability?(token, :allow_write_notes)
15     end
16   end
17
18   private
19
20   def capability?(token, cap)
21     token&.read_attribute(cap)
22   end
23 end