Rework capabilities to avoid assumptions about missing tokens
authorAndy Allan <git@gravitystorm.co.uk>
Wed, 24 Oct 2018 10:07:00 +0000 (12:07 +0200)
committerAndy Allan <git@gravitystorm.co.uk>
Wed, 24 Oct 2018 10:07:00 +0000 (12:07 +0200)
commit71b21ec47371c7210dfcb234f7bfa0adf00efad1
treeeffb80e06bd5b7a3da9f06b6349b69760d4711a9
parenta50ad1c895f2d7ed3dfa4d40f3748ae6fb801256
Rework capabilities to avoid assumptions about missing tokens

The logic about missing tokens implying logged in users (and that
all logged in users have access to any method protected by a token
capability) is correct. However, I believe it is both confusing and
brittle, and leaves a security-related door ajar for future foot-gun
incidents.

Instead, apply Abilities as normal, and keep the Capabilities
involvement only for situations where a token is provided. This
reduces the cognitive burden when considering Abilities in isolation.
app/models/ability.rb
app/models/capability.rb
test/models/abilities_test.rb
test/models/capability_test.rb