]> git.openstreetmap.org Git - rails.git/blobdiff - app/abilities/api_capability.rb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Disentangle the api abilities from the web abilities
[rails.git] / app / abilities / api_capability.rb
diff --git a/app/abilities/api_capability.rb b/app/abilities/api_capability.rb
new file mode 100644 (file)
index 0000000..9f59b1f
--- /dev/null
+++ b/app/abilities/api_capability.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+class ApiCapability
+  include CanCan::Ability
+
+  def initialize(token)
+    if Settings.status != "database_offline"
+      can [:create, :comment, :close, :reopen], Note if capability?(token, :allow_write_notes)
+      can [:api_read, :api_data], Trace if capability?(token, :allow_read_gpx)
+      can [:api_create, :api_update, :api_delete], Trace if capability?(token, :allow_write_gpx)
+      can [:api_details], User if capability?(token, :allow_read_prefs)
+      can [:api_gpx_files], User if capability?(token, :allow_read_gpx)
+      can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
+      can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
+
+      if token&.user&.terms_agreed?
+        can [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox], Changeset if capability?(token, :allow_write_api)
+        can :create, ChangesetComment if capability?(token, :allow_write_api)
+        can [:create, :update, :delete], Node if capability?(token, :allow_write_api)
+        can [:create, :update, :delete], Way if capability?(token, :allow_write_api)
+        can [:create, :update, :delete], Relation if capability?(token, :allow_write_api)
+      end
+
+      if token&.user&.moderator?
+        can [:destroy, :restore], ChangesetComment if capability?(token, :allow_write_api)
+        can :destroy, Note if capability?(token, :allow_write_notes)
+        if token&.user&.terms_agreed?
+          can :redact, OldNode if capability?(token, :allow_write_api)
+          can :redact, OldWay if capability?(token, :allow_write_api)
+          can :redact, OldRelation if capability?(token, :allow_write_api)
+        end
+      end
+    end
+  end
+
+  private
+
+  def capability?(token, cap)
+    token&.read_attribute(cap)
+  end
+end
The OpenStreetMap web site