require_capability(:allow_write_gpx)
end
- ##
- # require that the user is a moderator, or fill out a helpful error message
- # and return them to the index for the controller this is wrapped from.
- def require_moderator
- unless current_user.moderator?
- if request.get?
- flash[:error] = t("application.require_moderator.not_a_moderator")
- redirect_to :action => "index"
- else
- head :forbidden
- end
- end
- end
-
##
# sets up the current_user for use by other methods. this is mostly called
# from the authorize method, but can be called elsewhere if authorisation
##
# to be used as a before_filter *after* authorize. this checks that
# the user is a moderator and, if not, returns a forbidden error.
- #
- # NOTE: this isn't a very good way of doing it - it duplicates logic
- # from require_moderator - but what we really need to do is a fairly
- # drastic refactoring based on :format and respond_to? but not a
- # good idea to do that in this branch.
def authorize_moderator(errormessage = "Access restricted to moderators")
# check user is a moderator
unless current_user.moderator?
:frame_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
:connect_src => [NOMINATIM_URL, OVERPASS_URL, OSRM_URL, GRAPHHOPPER_URL],
:form_action => %w[render.openstreetmap.org],
+ :style_src => %w['unsafe-inline'],
:script_src => [MAPQUEST_DIRECTIONS_URL],
:img_src => %w[developer.mapquest.com]
)
end
def current_ability
- # Add in capabilities from the oauth token if it exists and is a valid access token
+ # Use capabilities from the oauth token if it exists and is a valid access token
if Authenticator.new(self, [:token]).allow?
- Ability.new(current_user).merge(Capability.new(current_token))
+ Ability.new(nil).merge(Capability.new(current_token))
else
Ability.new(current_user)
end
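Review bot: The added `:style_src => %w['unsafe-inline']` relaxes the style policy for every response that passes through this directive call, and nothing in the hunk records which component needs inline styles. I would put a comment above it, for example `# 'unsafe-inline' is needed because <component> sets inline styles; drop once it no longer does`, so the exception can be revisited rather than becoming permanent. In `current_ability`, the switch to `Ability.new(nil)` presumably means a token-authenticated request gets only anonymous abilities plus the token's capabilities. The comment would say so more clearly as `# Token requests never inherit the user's own abilities, only what the token grants`. Both the directive call and `current_ability` begin or end outside the visible lines, so the rest of each method could not be checked here.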