X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/721f8e00b287974d6346e3c62bb8d0d599cc7db3..b95a8d03e32a86838d99ded814a08cb7aac44772:/app/abilities/api_capability.rb

diff --git a/app/abilities/api_capability.rb b/app/abilities/api_capability.rb
index d8be13643..1c2eab41f 100644
--- a/app/abilities/api_capability.rb
+++ b/app/abilities/api_capability.rb
@@ -9,13 +9,14 @@ class ApiCapability
 
       if user&.active?
         can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes)
-        can [:show, :data], Trace if scope?(token, :read_gpx)
+        can [:create, :destroy], NoteSubscription if scope?(token, :write_notes)
+        can [:read, :data], Trace if scope?(token, :read_gpx)
         can [:create, :update, :destroy], Trace if scope?(token, :write_gpx)
         can [:details], User if scope?(token, :read_prefs)
         can [:gpx_files], User if scope?(token, :read_gpx)
-        can [:index, :show], UserPreference if scope?(token, :read_prefs)
+        can :read, UserPreference if scope?(token, :read_prefs)
         can [:update, :update_all, :destroy], UserPreference if scope?(token, :write_prefs)
-        can [:inbox, :outbox, :show, :update, :destroy], Message if scope?(token, :consume_messages)
+        can [:inbox, :outbox, :read, :update, :destroy], Message if scope?(token, :consume_messages)
         can [:create], Message if scope?(token, :send_messages)
 
         if user.terms_agreed?