# Load rails plugins
gem "actionpack-page_caching"
+gem "cancancan"
gem "composite_primary_keys", "~> 10.0.0"
gem "dynamic_form"
gem "http_accept_language", "~> 2.0.0"
gem "record_tag_helper"
gem "rinku", ">= 1.2.2", :require => "rails_rinku"
gem "validates_email_format_of", ">= 1.5.1"
-gem "cancancan"
# Native OSM extensions
gem "quad_tile", "~> 1.0.1"
Capability.new(current_user, current_token)
end
- def deny_access(exception)
+ def deny_access(_exception)
if current_user
set_locale
report_error t("oauth.permissions.missing"), :forbidden
before_action :check_database_writable, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe]
before_action :allow_thirdparty_images, :only => [:new, :edit, :list, :view, :comments]
-
def new
@title = t "diary_entry.new.title"
params.require(:diary_comment).permit(:body)
end
-
##
# decide on a location for the diary entry map
def set_map_location
can [:create, :edit, :comment, :subscribe, :unsubscribe], DiaryEntry
- if user.administrator?
- can [:hide, :hidecomment], [DiaryEntry, DiaryComment]
- end
+ can [:hide, :hidecomment], [DiaryEntry, DiaryComment] if user.administrator?
end
# Define abilities for the passed in user here. For example:
#
def initialize(user, token)
if user
- can [:read, :read_one], UserPreference if has_capability?(token, :allow_read_prefs)
- can [:update, :update_one, :delete_one], UserPreference if has_capability?(token, :allow_write_prefs)
+ can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
+ can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
end
end
+ private
+
# If a user provides no tokens, they've authenticated via a non-oauth method
# and permission to access to all capabilities is assumed.
- def has_capability?(token, cap)
+ def capability?(token, cap)
token.nil? || token.read_attribute(cap)
end
end
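Review bot: `capability?` fails open — `token.nil? || token.read_attribute(cap)` grants every capability whenever no token is passed — so the security of the two `can` lines in `initialize` rests on the caller's invariant that a nil token only ever means a non-OAuth (session/basic-auth) login, as the existing comment asserts; that invariant is not checked anywhere in the hunk and presumably depends on how `current_token` is populated at the `Capability.new(current_user, current_token)` call site. The comment should say this explicitly so the next maintainer does not treat nil as "no permissions", e.g. `# A nil token means the request was authenticated outside OAuth (session or basic auth) and is trusted with every capability; an OAuth request must always carry its token or it would be treated the same way.` Making the helper `private` is a good companion change, since `read_attribute(cap)` reads whatever column is named by `cap` and must only ever be called with the literal symbols used here, never with a caller-supplied name. The enclosing class header is outside the hunk, so the visibility of any other callers cannot be confirmed from this view.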
end
class GuestAbilityTest < AbilityTest
-
test "geocoder permission for a guest" do
ability = Ability.new nil
assert ability.cannot?(action, DiaryComment), "should be able to #{action} DiaryEntries"
end
end
-
end
class UserAbilityTest < AbilityTest
-
test "Diary permissions" do
ability = Ability.new create(:user)
end
class AdministratorAbilityTest < AbilityTest
-
test "Diary for an administrator" do
ability = Ability.new create(:administrator_user)
[:list, :rss, :view, :comments, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
assert ability.cannot? act, UserPreference
end
end
-
-
end
end
end
-
##
# set request readers to ask for a particular error format
def error_format(format)