Use CanCanCan for redaction authorizations

author Andy Allan <git@gravitystorm.co.uk>

Wed, 7 Nov 2018 12:28:58 +0000 (13:28 +0100)

committer Andy Allan <git@gravitystorm.co.uk>

Wed, 7 Nov 2018 12:28:58 +0000 (13:28 +0100)
author Andy Allan <git@gravitystorm.co.uk>
Wed, 7 Nov 2018 12:28:58 +0000 (13:28 +0100)
committer Andy Allan <git@gravitystorm.co.uk>
Wed, 7 Nov 2018 12:28:58 +0000 (13:28 +0100)
diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb

index ea60d496fb7bb914218b14d2c455587820171838..d7a10005764ba78011b2e68df59089575fc180fe 100644 (file)
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -8,6 +8,7 @@ class Ability
      can [:index, :rss, :show, :comments], DiaryEntry
      can [:search, :search_latlon, :search_ca_postcode, :search_osm_nominatim,
           :search_geonames, :search_osm_nominatim_reverse, :search_geonames_reverse], :geocoder
+    can [:index, :show], Redaction
      can [:index, :show, :blocks_on, :blocks_by], UserBlock
  
      if user
@@ -19,6 +20,7 @@ class Ability
        if user.moderator?
          can [:index, :show, :resolve, :ignore, :reopen], Issue
          can :create, IssueComment
+        can [:new, :create, :edit, :update, :destroy], Redaction
          can [:new, :edit, :create, :update, :revoke], UserBlock
        end
  
diff --git a/app/controllers/redactions_controller.rb b/app/controllers/redactions_controller.rb

index b8ecce9e250fca521d3ae346f8b958a30026973e..45a41058c04f77cc785775060e30a4663777a9d4 100644 (file)
--- a/app/controllers/redactions_controller.rb
+++ b/app/controllers/redactions_controller.rb
@@ -3,8 +3,9 @@ class RedactionsController < ApplicationController
  
    before_action :authorize_web
    before_action :set_locale
-  before_action :require_user, :only => [:new, :create, :edit, :update, :destroy]
-  before_action :require_moderator, :only => [:new, :create, :edit, :update, :destroy]
+
+  authorize_resource
+
    before_action :lookup_redaction, :only => [:show, :edit, :update, :destroy]
    before_action :check_database_readable
    before_action :check_database_writable, :only => [:create, :update, :destroy]
diff --git a/test/controllers/redactions_controller_test.rb b/test/controllers/redactions_controller_test.rb

index e2123f7250ee42afc9a0bbbf19dbfa1a47216c9f..08f32d4d0cea97b1ee4f28eb2f6eaef347d478e7 100644 (file)
--- a/test/controllers/redactions_controller_test.rb
+++ b/test/controllers/redactions_controller_test.rb
@@ -64,8 +64,7 @@ class RedactionsControllerTest < ActionController::TestCase
      session[:user] = create(:user).id
  
      get :new
-    assert_response :redirect
-    assert_redirected_to redactions_path
+    assert_response :forbidden
    end
  
    def test_create_moderator
@@ -141,8 +140,7 @@ class RedactionsControllerTest < ActionController::TestCase
      session[:user] = create(:user).id
  
      get :edit, :params => { :id => create(:redaction).id }
-    assert_response :redirect
-    assert_redirected_to(redactions_path)
+    assert_response :forbidden
    end
  
    def test_update_moderator
author	Andy Allan <git@gravitystorm.co.uk>
	Wed, 7 Nov 2018 12:28:58 +0000 (13:28 +0100)
committer	Andy Allan <git@gravitystorm.co.uk>
	Wed, 7 Nov 2018 12:28:58 +0000 (13:28 +0100)
app/abilities/ability.rb		patch \| blob \| history
app/controllers/redactions_controller.rb		patch \| blob \| history
test/controllers/redactions_controller_test.rb		patch \| blob \| history