X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/f5af8befa9ffe0c95f4a3c58d2fbb63a2e971ab0..efc65b86a23032e7867314082f80e1da3654b51a:/app/abilities/api_ability.rb?ds=inline

diff --git a/app/abilities/api_ability.rb b/app/abilities/api_ability.rb
index a0340c5cd..b0bd2578f 100644
--- a/app/abilities/api_ability.rb
+++ b/app/abilities/api_ability.rb
@@ -3,14 +3,15 @@
 class ApiAbility
   include CanCan::Ability
 
-  def initialize(user, scopes)
+  def initialize(user, scopes) # rubocop:disable Metrics/CyclomaticComplexity
     can :read, [:version, :capability, :permission, :map]
 
     if Settings.status != "database_offline"
       can [:read, :feed, :search], Note
       can :create, Note unless user
 
-      can [:read, :download], Changeset
+      can :read, Changeset
+      can :read, ChangesetComment
       can :read, Tracepoint
       can :read, User
       can :read, [Node, Way, Relation, OldNode, OldWay, OldRelation]
@@ -30,18 +31,23 @@ class ApiAbility
         can [:read, :update, :destroy], Message if scopes.include?("consume_messages")
         can :create, Message if scopes.include?("send_messages")
 
+        can :read, :active_user_blocks_list if scopes.include?("read_prefs")
+
         if user.terms_agreed?
-          can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scopes.include?("write_map")
+          can [:create, :update, :upload, :close], Changeset if scopes.include?("write_map")
+          can [:create, :destroy], ChangesetSubscription if scopes.include?("write_map")
           can :create, ChangesetComment if scopes.include?("write_changeset_comments")
           can [:create, :update, :destroy], [Node, Way, Relation] if scopes.include?("write_map")
         end
 
         if user.moderator?
-          can [:destroy, :restore], ChangesetComment if scopes.include?("write_changeset_comments")
+          can [:create, :destroy], :changeset_comment_visibility if scopes.include?("write_changeset_comments")
 
           can :destroy, Note if scopes.include?("write_notes")
 
-          can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && scopes.include?("write_redactions")
+          can [:create, :destroy], :element_version_redaction if user.terms_agreed? && scopes.include?("write_redactions")
+
+          can :create, UserBlock if scopes.include?("write_blocks")
         end
       end
     end