X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/8d76be71bbb8a799cbf0627dee170f26ade5a11f..c32f6dd4fffe1d2b5fc34f42e447e7b5c8fc5b92:/app/abilities/api_capability.rb diff --git a/app/abilities/api_capability.rb b/app/abilities/api_capability.rb index 04d7fe10a..44e676345 100644 --- a/app/abilities/api_capability.rb +++ b/app/abilities/api_capability.rb @@ -11,29 +11,27 @@ class ApiCapability token.user end - can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes) - can [:show, :data], Trace if scope?(token, :read_gpx) - can [:create, :update, :destroy], Trace if scope?(token, :write_gpx) - can [:details], User if scope?(token, :read_prefs) - can [:gpx_files], User if scope?(token, :read_gpx) - can [:index, :show], UserPreference if scope?(token, :read_prefs) - can [:update, :update_all, :destroy], UserPreference if scope?(token, :write_prefs) + if user&.active? + can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes) + can [:show, :data], Trace if scope?(token, :read_gpx) + can [:create, :update, :destroy], Trace if scope?(token, :write_gpx) + can [:details], User if scope?(token, :read_prefs) + can [:gpx_files], User if scope?(token, :read_gpx) + can [:index, :show], UserPreference if scope?(token, :read_prefs) + can [:update, :update_all, :destroy], UserPreference if scope?(token, :write_prefs) + can [:inbox, :outbox, :show, :update, :destroy], Message if scope?(token, :consume_messages) + can [:create], Message if scope?(token, :send_messages) - if user&.terms_agreed? - can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scope?(token, :write_api) - can :create, ChangesetComment if scope?(token, :write_api) - can [:create, :update, :delete], Node if scope?(token, :write_api) - can [:create, :update, :delete], Way if scope?(token, :write_api) - can [:create, :update, :delete], Relation if scope?(token, :write_api) - end + if user.terms_agreed? + can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scope?(token, :write_api) + can :create, ChangesetComment if scope?(token, :write_api) + can [:create, :update, :delete], [Node, Way, Relation] if scope?(token, :write_api) + end - if user&.moderator? - can [:destroy, :restore], ChangesetComment if scope?(token, :write_api) - can :destroy, Note if scope?(token, :write_notes) - if user&.terms_agreed? - can :redact, OldNode if scope?(token, :write_api) - can :redact, OldWay if scope?(token, :write_api) - can :redact, OldRelation if scope?(token, :write_api) + if user.moderator? + can [:destroy, :restore], ChangesetComment if scope?(token, :write_api) + can :destroy, Note if scope?(token, :write_notes) + can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && (scope?(token, :write_api) || scope?(token, :write_redactions)) end end end