From: Andy Allan <git@gravitystorm.co.uk>
Date: Wed, 2 Jan 2019 18:17:32 +0000 (+0100)
Subject: Use CanCanCan for search controller
X-Git-Tag: live~2749^2~6
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/ad68d4c6341ef5e9a804c9605092e7269980bc7b

Use CanCanCan for search controller
---

diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb
index 1fcf6cbee..01af7eede 100644
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -11,6 +11,7 @@ class Ability
          :search_geonames, :search_osm_nominatim_reverse, :search_geonames_reverse], :geocoder
     can [:index, :create, :comment, :feed, :show, :search, :mine], Note
     can [:index, :show], Redaction
+    can [:search_all, :search_nodes, :search_ways, :search_relations], :search
     can [:terms, :api_users, :login, :logout, :new, :create, :save, :confirm, :confirm_resend, :confirm_email, :lost_password, :reset_password, :show, :api_read, :auth_success, :auth_failure], User
     can [:index, :show, :blocks_on, :blocks_by], UserBlock
 
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 0d40b6691..3a2e4040f 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -3,6 +3,7 @@ class SearchController < ApplicationController
   # Can search by tag k, v, or both (type->k,value->v)
   # Can search by name (k=name,v=....)
   skip_before_action :verify_authenticity_token
+  authorize_resource :class => false
 
   def search_all
     do_search(true, true, true)