X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/efd50cd529990069dc1ca95f66ec6f61471fe29d..227e1b134def3be346fe47e951a5beb54513f600:/app/abilities/capability.rb

diff --git a/app/abilities/capability.rb b/app/abilities/capability.rb
index 2a5c92774..f4c24e97d 100644
--- a/app/abilities/capability.rb
+++ b/app/abilities/capability.rb
@@ -4,8 +4,33 @@ class Capability
   include CanCan::Ability
 
   def initialize(token)
-    can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
-    can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
+    if Settings.status != "database_offline"
+      can [:create, :comment, :close, :reopen], Note if capability?(token, :allow_write_notes)
+      can [:api_read, :api_data], Trace if capability?(token, :allow_read_gpx)
+      can [:api_create, :api_update, :api_delete], Trace if capability?(token, :allow_write_gpx)
+      can [:api_details], User if capability?(token, :allow_read_prefs)
+      can [:api_gpx_files], User if capability?(token, :allow_read_gpx)
+      can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
+      can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
+
+      if token&.user&.terms_agreed?
+        can [:create, :update, :upload, :close, :subscribe, :unsubscribe, :expand_bbox], Changeset if capability?(token, :allow_write_api)
+        can :create, ChangesetComment if capability?(token, :allow_write_api)
+        can [:create, :update, :delete], Node if capability?(token, :allow_write_api)
+        can [:create, :update, :delete], Way if capability?(token, :allow_write_api)
+        can [:create, :update, :delete], Relation if capability?(token, :allow_write_api)
+      end
+
+      if token&.user&.moderator?
+        can [:destroy, :restore], ChangesetComment if capability?(token, :allow_write_api)
+        can :destroy, Note if capability?(token, :allow_write_notes)
+        if token&.user&.terms_agreed?
+          can :redact, OldNode if capability?(token, :allow_write_api)
+          can :redact, OldWay if capability?(token, :allow_write_api)
+          can :redact, OldRelation if capability?(token, :allow_write_api)
+        end
+      end
+    end
   end
 
   private