Require terms agreement for abilities and capabilities related to api write methods
[rails.git] / app / abilities / capability.rb
index 6aa1c418ca8f0ffbc624b3b38158ba9fc7f5792e..ae30a0ebd00d7e563665a8c900f7981088b10a9a 100644 (file)
@@ -4,13 +4,16 @@ class Capability
   include CanCan::Ability
 
   def initialize(token)
-    can :create, ChangesetComment if capability?(token, :allow_write_api)
     can [:create, :comment, :close, :reopen], Note if capability?(token, :allow_write_notes)
     can [:api_details], User if capability?(token, :allow_read_prefs)
     can [:api_gpx_files], User if capability?(token, :allow_read_gpx)
     can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
     can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
 
+    if token&.user&.terms_agreed? || !REQUIRE_TERMS_AGREED
+      can :create, ChangesetComment if capability?(token, :allow_write_api)
+    end
+
     if token&.user&.moderator?
       can [:destroy, :restore], ChangesetComment if capability?(token, :allow_write_api)
       can :destroy, Note if capability?(token, :allow_write_notes)