From: Andy Allan <git@gravitystorm.co.uk>
Date: Wed, 9 Jan 2019 14:34:54 +0000 (+0100)
Subject: Use CanCanCan for oauth clients controller
X-Git-Tag: live~2768^2
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/b184b39f344b7298370c246d8f45d10f48d01a7e?ds=sidebyside

Use CanCanCan for oauth clients controller
---

diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb
index c4ea4ef8f..7138374f3 100644
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -16,6 +16,7 @@ class Ability
 
     if user
       can :welcome, :site
+      can [:index, :new, :create, :show, :edit, :update, :destroy], ClientApplication
       can [:create, :edit, :comment, :subscribe, :unsubscribe], DiaryEntry
       can [:new, :create, :reply, :show, :inbox, :outbox, :mark, :destroy], Message
       can [:close, :reopen], Note
diff --git a/app/controllers/oauth_clients_controller.rb b/app/controllers/oauth_clients_controller.rb
index eb427e090..b925002ec 100644
--- a/app/controllers/oauth_clients_controller.rb
+++ b/app/controllers/oauth_clients_controller.rb
@@ -3,7 +3,8 @@ class OauthClientsController < ApplicationController
 
   before_action :authorize_web
   before_action :set_locale
-  before_action :require_user
+
+  authorize_resource :class => ClientApplication
 
   def index
     @client_applications = current_user.client_applications