can :welcome, :site
can [:create, :edit, :comment, :subscribe, :unsubscribe], DiaryEntry
can [:new, :create], Report
+ can [:read, :read_one, :update, :update_one, :delete_one], UserPreference
if user.moderator?
can [:index, :show, :resolve, :ignore, :reopen], Issue
if user
can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
-
end
end
private
- # If a user provides no tokens, they've authenticated via a non-oauth method
- # and permission to access to all capabilities is assumed.
def capability?(token, cap)
- token.nil? || token.read_attribute(cap)
+ token&.read_attribute(cap)
end
end
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComment"
end
end
-
- test "administrator does not auto-grant user preferences" do
- ability = Ability.new create(:administrator_user)
-
- [:read, :read_one, :update, :update_one, :delete_one].each do |act|
- assert ability.cannot? act, UserPreference
- end
- end
end
# a user with no tokens
capability = Capability.new create(:user), nil
[:read, :read_one, :update, :update_one, :delete_one].each do |act|
- assert capability.can? act, UserPreference
+ assert capability.cannot? act, UserPreference
end
# A user with empty tokens