X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/ffa65d4d725fc376037cd8390f30df45f85b6d8e..060c686c1923534d2899ee129cc740e0f2fa7c9f:/app/models/ability.rb
diff --git a/app/models/ability.rb b/app/models/ability.rb
index c712e3e82..6a61eeff3 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -1,11 +1,25 @@
+# frozen_string_literal: true
+
 class Ability
 include CanCan::Ability
- def initialize(user)
+ def initialize(user, token)
 can :index, :site
+ can [:permalink, :edit, :help, :fixthemap, :offline, :export, :about, :preview, :copyright, :key, :id, :welcome], :site
+
+ can [:list, :rss, :view, :comments], DiaryEntry
 if user
- can :welcome, :site
+ can :weclome, :site
+
+ can [:create, :edit, :comment, :subscribe, :unsubscribe], DiaryEntry
+
+ can [:read, :read_one], UserPreference if has_capability?(token, :allow_read_prefs)
+ can [:update, :update_one, :delete_one], UserPreference if has_capability?(token, :allow_write_prefs)
+
+ if user.administrator?
+ can [:hide, :hidecomment], [DiaryEntry, DiaryComment]
+ end
 end
 # Define abilities for the passed in user here. For example:
 #
@@ -34,4 +48,8 @@ class Ability
 # See the wiki for details:
 # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
 end
+
+ def has_capability?(token, cap)
+ token && token.read_attribute(cap)
+ end
 end
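Review bot: The replacement line `can :weclome, :site` inside `if user` misspells the action, so it grants an ability that presumably matches no controller action, while `:welcome` has been added to the unconditional `:site` list above and is therefore now authorised for anonymous visitors too. If the welcome page is meant to stay limited to signed-in users, drop `:welcome` from the unconditional list and restore `can :welcome, :site`; if it is meant to be public, delete the misspelled line instead. Separately, `initialize(user, token)` gives `token` no default, so every existing `Ability.new(user)` call must be updated; those callers are not visible in this hunk.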
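Review bot: `has_capability?` is added after `initialize` with no `private` marker, so it becomes a public method of `Ability`, and it passes `cap` straight to `token.read_attribute`, which reads any column of the token record rather than only the `allow_*` flags. Put `private` above the definition and consider the shorter `token&.read_attribute(cap)`. The helper only tests that a token is present and the flag is set; whether the token was checked for expiry or revocation before reaching `Ability` is not visible here and should be confirmed, since the `UserPreference` read and write grants depend on it.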