X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/6df5bd4acd8037d09af95f369ebfbabc826e8191..90e787eed845a850eab63a22831c9cfa47f4dd3d:/app/abilities/api_ability.rb diff --git a/app/abilities/api_ability.rb b/app/abilities/api_ability.rb index 97b461b1f..ec4de8f8e 100644 --- a/app/abilities/api_ability.rb +++ b/app/abilities/api_ability.rb @@ -3,50 +3,49 @@ class ApiAbility include CanCan::Ability - def initialize(token) + def initialize(user, scopes) can :read, [:version, :capability, :permission, :map] if Settings.status != "database_offline" - user = User.find(token.resource_owner_id) if token - can [:read, :feed, :search], Note - can :create, Note unless token + can :create, Note unless user can [:read, :download], Changeset can :read, Tracepoint can :read, User - can :read, Node - can [:read, :ways_for_node], Way - can [:read, :relations_for_node, :relations_for_way, :relations_for_relation], Relation - can [:history, :read], [OldNode, OldWay, OldRelation] + can :read, [Node, Way, Relation, OldNode, OldWay, OldRelation] can :read, UserBlock if user&.active? - can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes) - can [:create, :destroy], NoteSubscription if scope?(token, :write_notes) + can [:create, :comment, :close, :reopen], Note if scopes.include?("write_notes") + can [:create, :destroy], NoteSubscription if scopes.include?("write_notes") + + can :read, Trace if scopes.include?("read_gpx") + can [:create, :update, :destroy], Trace if scopes.include?("write_gpx") - can :read, Trace if scope?(token, :read_gpx) - can [:create, :update, :destroy], Trace if scope?(token, :write_gpx) + can :details, User if scopes.include?("read_prefs") + can :read, UserPreference if scopes.include?("read_prefs") + can [:update, :update_all, :destroy], UserPreference if scopes.include?("write_prefs") - can :details, User if scope?(token, :read_prefs) - can :read, UserPreference if scope?(token, :read_prefs) - can [:update, :update_all, :destroy], UserPreference if scope?(token, :write_prefs) + can [:read, :update, :destroy], Message if scopes.include?("consume_messages") + can :create, Message if scopes.include?("send_messages") - can [:read, :update, :destroy], Message if scope?(token, :consume_messages) - can :create, Message if scope?(token, :send_messages) + can :read, :active_user_blocks_list if scopes.include?("read_prefs") if user.terms_agreed? - can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scope?(token, :write_api) - can :create, ChangesetComment if scope?(token, :write_api) - can [:create, :update, :destroy], [Node, Way, Relation] if scope?(token, :write_api) + can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scopes.include?("write_map") + can :create, ChangesetComment if scopes.include?("write_changeset_comments") + can [:create, :update, :destroy], [Node, Way, Relation] if scopes.include?("write_map") end if user.moderator? - can [:destroy, :restore], ChangesetComment if scope?(token, :write_api) + can [:destroy, :restore], ChangesetComment if scopes.include?("write_changeset_comments") + + can :destroy, Note if scopes.include?("write_notes") - can :destroy, Note if scope?(token, :write_notes) + can :redact, [OldNode, OldWay, OldRelation] if user.terms_agreed? && scopes.include?("write_redactions") - can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && scope?(token, :write_redactions) + can :create, UserBlock if scopes.include?("write_blocks") end end end @@ -78,10 +77,4 @@ class ApiAbility # See the wiki for details: # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities end - - private - - def scope?(token, scope) - token&.includes_scope?(scope) - end end