+# frozen_string_literal: true
+
class Ability
include CanCan::Ability
- def initialize(user)
+ def initialize(user, token)
can :index, :site
+ can [:permalink, :edit, :help, :fixthemap, :offline, :export, :about, :preview, :copyright, :key, :id, :welcome], :site
+
+ can [:list, :rss, :view, :comments], DiaryEntry
+
+ can [:search, :search_latlon, :search_ca_postcode, :search_osm_nominatim,
+ :search_geonames, :search_osm_nominatim_reverse, :search_geonames_reverse], :geocoder
if user
- can :welcome, :site
+ can :weclome, :site
+
+ can [:create, :edit, :comment, :subscribe, :unsubscribe], DiaryEntry
+
+ can [:read, :read_one], UserPreference if has_capability?(token, :allow_read_prefs)
+ can [:update, :update_one, :delete_one], UserPreference if has_capability?(token, :allow_write_prefs)
+
+ if user.administrator?
+ can [:hide, :hidecomment], [DiaryEntry, DiaryComment]
+ end
end
# Define abilities for the passed in user here. For example:
#
# See the wiki for details:
# https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
end
+
+ # If a user provides no tokens, they've authenticated via a non-oauth method
+ # and permission to access to all capabilities is assumed.
+ def has_capability?(token, cap)
+ token.nil? || token.read_attribute(cap)
+ end
end
projects / rails.git / blobdiff