From: Andy Allan <git@gravitystorm.co.uk>
Date: Wed, 9 Jan 2019 09:10:12 +0000 (+0100)
Subject: Use CanCanCan for browse controller
X-Git-Tag: live~2770^2~4
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/1e30edba53f179fb06a1233b245252d1d5a8ead1

Use CanCanCan for browse controller
---

diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb
index 97a1c5d04..b5026196f 100644
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -4,6 +4,7 @@ class Ability
   include CanCan::Ability
 
   def initialize(user)
+    can [:relation, :relation_history, :way, :way_history, :node, :node_history, :changeset, :note], :browse
     can :index, ChangesetComment
     can [:index, :permalink, :edit, :help, :fixthemap, :offline, :export, :about, :preview, :copyright, :key, :id], :site
     can [:index, :rss, :show, :comments], DiaryEntry
diff --git a/app/controllers/browse_controller.rb b/app/controllers/browse_controller.rb
index 6eb967568..0fccbb506 100644
--- a/app/controllers/browse_controller.rb
+++ b/app/controllers/browse_controller.rb
@@ -6,6 +6,7 @@ class BrowseController < ApplicationController
   before_action(:except => [:query]) { |c| c.check_database_readable(true) }
   before_action :require_oauth
   around_action :web_timeout
+  authorize_resource :class => false
 
   def relation
     @type = "relation"