X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/12c1d5e6c05813a0697724277b4d8529a1a7c240..37e6725d2d85e92df4bc770b73e137a52afb63a4:/app/abilities/api_capability.rb diff --git a/app/abilities/api_capability.rb b/app/abilities/api_capability.rb index 04d7fe10a..f27dd2e63 100644 --- a/app/abilities/api_capability.rb +++ b/app/abilities/api_capability.rb @@ -11,29 +11,25 @@ class ApiCapability token.user end - can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes) - can [:show, :data], Trace if scope?(token, :read_gpx) - can [:create, :update, :destroy], Trace if scope?(token, :write_gpx) - can [:details], User if scope?(token, :read_prefs) - can [:gpx_files], User if scope?(token, :read_gpx) - can [:index, :show], UserPreference if scope?(token, :read_prefs) - can [:update, :update_all, :destroy], UserPreference if scope?(token, :write_prefs) + if user&.active? + can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes) + can [:show, :data], Trace if scope?(token, :read_gpx) + can [:create, :update, :destroy], Trace if scope?(token, :write_gpx) + can [:details], User if scope?(token, :read_prefs) + can [:gpx_files], User if scope?(token, :read_gpx) + can [:index, :show], UserPreference if scope?(token, :read_prefs) + can [:update, :update_all, :destroy], UserPreference if scope?(token, :write_prefs) - if user&.terms_agreed? - can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scope?(token, :write_api) - can :create, ChangesetComment if scope?(token, :write_api) - can [:create, :update, :delete], Node if scope?(token, :write_api) - can [:create, :update, :delete], Way if scope?(token, :write_api) - can [:create, :update, :delete], Relation if scope?(token, :write_api) - end + if user.terms_agreed? + can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scope?(token, :write_api) + can :create, ChangesetComment if scope?(token, :write_api) + can [:create, :update, :delete], [Node, Way, Relation] if scope?(token, :write_api) + end - if user&.moderator? - can [:destroy, :restore], ChangesetComment if scope?(token, :write_api) - can :destroy, Note if scope?(token, :write_notes) - if user&.terms_agreed? - can :redact, OldNode if scope?(token, :write_api) - can :redact, OldWay if scope?(token, :write_api) - can :redact, OldRelation if scope?(token, :write_api) + if user.moderator? + can [:destroy, :restore], ChangesetComment if scope?(token, :write_api) + can :destroy, Note if scope?(token, :write_notes) + can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && (scope?(token, :write_api) || scope?(token, :write_redactions)) end end end