if Settings.status != "database_offline"
can [:show, :download, :query], Changeset
- can [:index, :create, :comment, :feed, :show, :search], Note
+ can [:index, :create, :feed, :show, :search], Note
can :index, Tracepoint
can [:index, :show], User
can [:index, :show], Node
if Settings.status != "database_offline"
can [:index, :new, :create, :show, :edit, :update, :destroy], ClientApplication
can [:new, :create, :reply, :show, :inbox, :outbox, :mark, :destroy], Message
- can [:close, :reopen], Note
+ can [:comment, :close, :reopen], Note
can [:new, :create], Report
can [:create, :show, :update, :destroy, :data], Trace
can [:details, :gpx_files], User
##
# Add a comment to an existing note
def comment
- # Check the ACLs
- raise OSM::APIAccessDenied if current_user.nil? && Acl.no_note_comment(request.remote_ip)
-
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
test "note permissions for a guest" do
ability = ApiAbility.new nil
- [:index, :create, :comment, :feed, :show, :search].each do |action|
+ [:index, :create, :feed, :show, :search].each do |action|
assert ability.can?(action, Note), "should be able to #{action} Notes"
end
- [:close, :reopen, :destroy].each do |action|
+ [:comment, :close, :reopen, :destroy].each do |action|
assert ability.cannot?(action, Note), "should not be able to #{action} Notes"
end
end
projects / rails.git / commitdiff