X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/9cb7a7b36b8ee68502d5da94db6bc3dda29051b4..6c4b028232f5ad687c0def013b8de6a2b4013b4f:/app/abilities/api_capability.rb?ds=sidebyside diff --git a/app/abilities/api_capability.rb b/app/abilities/api_capability.rb index 8c52327cf..44e676345 100644 --- a/app/abilities/api_capability.rb +++ b/app/abilities/api_capability.rb @@ -19,23 +19,19 @@ class ApiCapability can [:gpx_files], User if scope?(token, :read_gpx) can [:index, :show], UserPreference if scope?(token, :read_prefs) can [:update, :update_all, :destroy], UserPreference if scope?(token, :write_prefs) + can [:inbox, :outbox, :show, :update, :destroy], Message if scope?(token, :consume_messages) + can [:create], Message if scope?(token, :send_messages) if user.terms_agreed? can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scope?(token, :write_api) can :create, ChangesetComment if scope?(token, :write_api) - can [:create, :update, :delete], Node if scope?(token, :write_api) - can [:create, :update, :delete], Way if scope?(token, :write_api) - can [:create, :update, :delete], Relation if scope?(token, :write_api) + can [:create, :update, :delete], [Node, Way, Relation] if scope?(token, :write_api) end if user.moderator? can [:destroy, :restore], ChangesetComment if scope?(token, :write_api) can :destroy, Note if scope?(token, :write_notes) - if user&.terms_agreed? - can :redact, OldNode if scope?(token, :write_api) - can :redact, OldWay if scope?(token, :write_api) - can :redact, OldRelation if scope?(token, :write_api) - end + can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && (scope?(token, :write_api) || scope?(token, :write_redactions)) end end end