]> git.openstreetmap.org Git - rails.git/blobdiff - app/abilities/api_capability.rb
Check if db is writable on oauth authorization pages
[rails.git] / app / abilities / api_capability.rb
index 2035afff991690cbd3a507dfe4962ca4bf92887a..0e953d50b11c95f2294bb2ec31f752b22a1966dc 100644 (file)
@@ -5,10 +5,11 @@ class ApiCapability
 
   def initialize(token)
     if Settings.status != "database_offline"
-      user = (User.find(token.resource_owner_id) if token.respond_to?(:resource_owner_id))
+      user = User.find(token.resource_owner_id)
 
       if user&.active?
         can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes)
+        can [:create, :destroy], NoteSubscription if scope?(token, :write_notes)
         can [:show, :data], Trace if scope?(token, :read_gpx)
         can [:create, :update, :destroy], Trace if scope?(token, :write_gpx)
         can [:details], User if scope?(token, :read_prefs)
@@ -27,7 +28,7 @@ class ApiCapability
         if user.moderator?
           can [:destroy, :restore], ChangesetComment if scope?(token, :write_api)
           can :destroy, Note if scope?(token, :write_notes)
-          can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && (scope?(token, :write_api) || scope?(token, :write_redactions))
+          can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && scope?(token, :write_redactions)
         end
       end
     end