From 44eea9dcaf42cdd0737ae9344e357901c9fe31b6 Mon Sep 17 00:00:00 2001
From: Andy Allan <git@gravitystorm.co.uk>
Date: Wed, 2 Jan 2019 19:21:10 +0100
Subject: [PATCH] Use CanCanCan for export controller

---
 app/abilities/ability.rb             | 1 +
 app/controllers/export_controller.rb | 1 +
 2 files changed, 2 insertions(+)

diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb
index 01af7eede..97a1c5d04 100644
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -7,6 +7,7 @@ class Ability
     can :index, ChangesetComment
     can [:index, :permalink, :edit, :help, :fixthemap, :offline, :export, :about, :preview, :copyright, :key, :id], :site
     can [:index, :rss, :show, :comments], DiaryEntry
+    can [:finish, :embed], :export
     can [:search, :search_latlon, :search_ca_postcode, :search_osm_nominatim,
          :search_geonames, :search_osm_nominatim_reverse, :search_geonames_reverse], :geocoder
     can [:index, :create, :comment, :feed, :show, :search, :mine], Note
diff --git a/app/controllers/export_controller.rb b/app/controllers/export_controller.rb
index afdf4d8d7..18ac15c10 100644
--- a/app/controllers/export_controller.rb
+++ b/app/controllers/export_controller.rb
@@ -2,6 +2,7 @@ class ExportController < ApplicationController
   before_action :authorize_web
   before_action :set_locale
   before_action :update_totp, :only => [:finish]
+  authorize_resource :class => false
 
   caches_page :embed
 
-- 
2.43.2