Use CanCanCan for browse controller

author Andy Allan <git@gravitystorm.co.uk>

Wed, 9 Jan 2019 09:10:12 +0000 (10:10 +0100)

committer Andy Allan <git@gravitystorm.co.uk>

Wed, 9 Jan 2019 09:10:12 +0000 (10:10 +0100)
author Andy Allan <git@gravitystorm.co.uk>
Wed, 9 Jan 2019 09:10:12 +0000 (10:10 +0100)
committer Andy Allan <git@gravitystorm.co.uk>
Wed, 9 Jan 2019 09:10:12 +0000 (10:10 +0100)
diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb

index 97a1c5d04c1e85d8f16efec0e749456e1ff1798b..b5026196fb8b67fe8e0469462c94dfe81b1ab048 100644 (file)
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -4,6 +4,7 @@ class Ability
    include CanCan::Ability
  
    def initialize(user)
+    can [:relation, :relation_history, :way, :way_history, :node, :node_history, :changeset, :note], :browse
      can :index, ChangesetComment
      can [:index, :permalink, :edit, :help, :fixthemap, :offline, :export, :about, :preview, :copyright, :key, :id], :site
      can [:index, :rss, :show, :comments], DiaryEntry
diff --git a/app/controllers/browse_controller.rb b/app/controllers/browse_controller.rb

index 6eb9675683f81df3089136e9fdfca2ba62e9ae57..0fccbb506bb2a19dae6db4087853a64b8f0933cf 100644 (file)
--- a/app/controllers/browse_controller.rb
+++ b/app/controllers/browse_controller.rb
@@ -6,6 +6,7 @@ class BrowseController < ApplicationController
    before_action(:except => [:query]) { |c| c.check_database_readable(true) }
    before_action :require_oauth
    around_action :web_timeout
+  authorize_resource :class => false
  
    def relation
      @type = "relation"
author	Andy Allan <git@gravitystorm.co.uk>
	Wed, 9 Jan 2019 09:10:12 +0000 (10:10 +0100)
committer	Andy Allan <git@gravitystorm.co.uk>
	Wed, 9 Jan 2019 09:10:12 +0000 (10:10 +0100)
app/abilities/ability.rb		patch \| blob \| history
app/controllers/browse_controller.rb		patch \| blob \| history