Use CanCanCan for nodes, ways, relations, old and api controllers

[rails.git] / app / abilities / capability.rb

diff --git a/app/abilities/capability.rb b/app/abilities/capability.rb
index b6cad31158672178c4643654cd6fb2a40028318f..3d951900be11c07b638b8410b5bc26be95e64ab6 100644 (file)
--- a/app/abilities/capability.rb
+++ b/app/abilities/capability.rb
@@ -13,12 +13,21 @@ class Capability
     can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
 
     if token&.user&.terms_agreed? || !REQUIRE_TERMS_AGREED
+      can [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox], Changeset if capability?(token, :allow_write_api)
       can :create, ChangesetComment if capability?(token, :allow_write_api)
+      can [:create, :update, :delete], Node if capability?(token, :allow_write_api)
+      can [:create, :update, :delete], Way if capability?(token, :allow_write_api)
+      can [:create, :update, :delete], Relation if capability?(token, :allow_write_api)
     end
 
     if token&.user&.moderator?
       can [:destroy, :restore], ChangesetComment if capability?(token, :allow_write_api)
       can :destroy, Note if capability?(token, :allow_write_notes)
+      if token&.user&.terms_agreed? || !REQUIRE_TERMS_AGREED
+        can :redact, OldNode if capability?(token, :allow_write_api)
+        can :redact, OldWay if capability?(token, :allow_write_api)
+        can :redact, OldRelation if capability?(token, :allow_write_api)
+      end
     end
   end