1 # frozen_string_literal: true
4 include CanCan::Ability
6 def initialize(user, token)
8 can [:permalink, :edit, :help, :fixthemap, :offline, :export, :about, :preview, :copyright, :key, :id, :welcome], :site
10 can [:list, :rss, :view, :comments], DiaryEntry
12 can [:search, :search_latlon, :search_ca_postcode, :search_osm_nominatim,
13 :search_geonames, :search_osm_nominatim_reverse, :search_geonames_reverse], :geocoder
18 can [:create, :edit, :comment, :subscribe, :unsubscribe], DiaryEntry
20 can [:read, :read_one], UserPreference if has_capability?(token, :allow_read_prefs)
21 can [:update, :update_one, :delete_one], UserPreference if has_capability?(token, :allow_write_prefs)
23 if user.administrator?
24 can [:hide, :hidecomment], [DiaryEntry, DiaryComment]
27 # Define abilities for the passed in user here. For example:
29 # user ||= User.new # guest user (not logged in)
36 # The first argument to `can` is the action you are giving the user
38 # If you pass :manage it will apply to every action. Other common actions
39 # here are :read, :create, :update and :destroy.
41 # The second argument is the resource the user can perform the action on.
42 # If you pass :all it will apply to every resource. Otherwise pass a Ruby
43 # class of the resource.
45 # The third argument is an optional hash of conditions to further filter the
47 # For example, here the user can only update published articles.
49 # can :update, Article, :published => true
51 # See the wiki for details:
52 # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
55 # If a user provides no tokens, they've authenticated via a non-oauth method
56 # and permission to access to all capabilities is assumed.
57 def has_capability?(token, cap)
58 token.nil? || token.read_attribute(cap)
projects / rails.git / blob