Authorize actions on GeocoderController with CanCanCan Ability

diff --git a/app/models/ability.rb b/app/models/ability.rb
index 8fc15ded5b5e006d242d994b39255b3e079de615..d33430fb4fbc285148d216863f7e242c2c955a9e 100644 (file)
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -9,6 +9,9 @@ class Ability
 
     can [:list, :rss, :view, :comments], DiaryEntry
 
+    can [:search, :search_latlon, :search_ca_postcode, :search_osm_nominatim,
+         :search_geonames, :search_osm_nominatim_reverse, :search_geonames_reverse], :geocoder
+
     if user
       can :weclome, :site
 

diff --git a/test/models/abilities_test.rb b/test/models/abilities_test.rb
index de9f9ba9bab1fe883eb4196c4c7bb8075c264c5a..298e8299b4dd0988f916759baf11b7f5a1592fdc 100644 (file)
--- a/test/models/abilities_test.rb
+++ b/test/models/abilities_test.rb
@@ -16,6 +16,15 @@ end
 
 class GuestAbilityTest < AbilityTest
 
+  test "geocoder permission for a guest" do
+    ability = Ability.new nil, tokens
+
+    [:search, :search_latlon, :search_ca_postcode, :search_osm_nominatim,
+     :search_geonames, :search_osm_nominatim_reverse, :search_geonames_reverse].each do |action|
+      assert ability.can?(action, :geocoder), "should be able to #{action} geocoder"
+    end
+  end
+
   test "diary permissions for a guest" do
     ability = Ability.new nil, tokens
     [:list, :rss, :view, :comments].each do |action|