can [:index, :rss, :show, :comments], DiaryEntry
can [:search, :search_latlon, :search_ca_postcode, :search_osm_nominatim,
:search_geonames, :search_osm_nominatim_reverse, :search_geonames_reverse], :geocoder
+ can [:index, :create, :comment, :feed, :show, :search, :mine], Note
can [:index, :show], Redaction
can [:index, :show, :blocks_on, :blocks_by], UserBlock
can :welcome, :site
can :create, ChangesetComment
can [:create, :edit, :comment, :subscribe, :unsubscribe], DiaryEntry
+ can [:close, :reopen], Note
can [:new, :create], Report
can [:read, :read_one, :update, :update_one, :delete_one], UserPreference
can [:destroy, :restore], ChangesetComment
can [:index, :show, :resolve, :ignore, :reopen], Issue
can :create, IssueComment
+ can :destroy, Note
can [:new, :create, :edit, :update, :destroy], Redaction
can [:new, :edit, :create, :update, :revoke], UserBlock
end
def initialize(token)
can :create, ChangesetComment if capability?(token, :allow_write_api)
+ can [:create, :comment, :close, :reopen], Note if capability?(token, :allow_write_notes)
can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
if token&.user&.moderator?
can [:destroy, :restore], ChangesetComment if capability?(token, :allow_write_api)
+ can :destroy, Note if capability?(token, :allow_write_notes)
end
end
require_capability(:allow_write_gpx)
end
- def require_allow_write_notes
- require_capability(:allow_write_notes)
- end
-
##
# require that the user is a moderator, or fill out a helpful error message
# and return them to the index for the controller this is wrapped from.
before_action :authorize_web, :only => [:mine]
before_action :setup_user_auth, :only => [:create, :comment, :show]
before_action :authorize, :only => [:close, :reopen, :destroy]
- before_action :require_moderator, :only => [:destroy]
+ before_action :api_deny_access_handler, :except => [:mine]
+
+ authorize_resource
+
before_action :check_api_writable, :only => [:create, :comment, :close, :reopen, :destroy]
- before_action :require_allow_write_notes, :only => [:create, :comment, :close, :reopen, :destroy]
before_action :set_locale
around_action :api_call_handle_error, :api_call_timeout
assert ability.cannot?(action, DiaryComment), "should not be able to #{action} DiaryEntries"
end
end
+
+ test "note permissions for a guest" do
+ ability = Ability.new nil
+
+ [:index, :create, :comment, :feed, :show, :search, :mine].each do |action|
+ assert ability.can?(action, Note), "should be able to #{action} Notes"
+ end
+
+ [:close, :reopen, :destroy].each do |action|
+ assert ability.cannot?(action, Note), "should not be able to #{action} Notes"
+ end
+ end
end
class UserAbilityTest < AbilityTest
assert ability.cannot?(action, Issue), "should not be able to #{action} Issues"
end
end
+
+ test "Note permissions" do
+ ability = Ability.new create(:user)
+
+ [:index, :create, :comment, :feed, :show, :search, :mine, :close, :reopen].each do |action|
+ assert ability.can?(action, Note), "should be able to #{action} Notes"
+ end
+
+ [:destroy].each do |action|
+ assert ability.cannot?(action, Note), "should not be able to #{action} Notes"
+ end
+ end
end
class ModeratorAbilityTest < AbilityTest
assert ability.can?(action, Issue), "should be able to #{action} Issues"
end
end
+
+ test "Note permissions" do
+ ability = Ability.new create(:moderator_user)
+
+ [:index, :create, :comment, :feed, :show, :search, :mine, :close, :reopen, :destroy].each do |action|
+ assert ability.can?(action, Note), "should be able to #{action} Notes"
+ end
+ end
end
class AdministratorAbilityTest < AbilityTest
end
end
+class NoteCapabilityTest < CapabilityTest
+ test "as a normal user with permissionless token" do
+ token = create(:access_token)
+ capability = Capability.new token
+
+ [:create, :comment, :close, :reopen, :destroy].each do |action|
+ assert capability.cannot? action, Note
+ end
+ end
+
+ test "as a normal user with allow_write_notes token" do
+ token = create(:access_token, :allow_write_notes => true)
+ capability = Capability.new token
+
+ [:destroy].each do |action|
+ assert capability.cannot? action, Note
+ end
+
+ [:create, :comment, :close, :reopen].each do |action|
+ assert capability.can? action, Note
+ end
+ end
+
+ test "as a moderator with permissionless token" do
+ token = create(:access_token, :user => create(:moderator_user))
+ capability = Capability.new token
+
+ [:destroy].each do |action|
+ assert capability.cannot? action, Note
+ end
+ end
+
+ test "as a moderator with allow_write_notes token" do
+ token = create(:access_token, :user => create(:moderator_user), :allow_write_notes => true)
+ capability = Capability.new token
+
+ [:destroy].each do |action|
+ assert capability.can? action, Note
+ end
+ end
+end
+
class UserCapabilityTest < CapabilityTest
test "user preferences" do
# a user with no tokens
projects / rails.git / commitdiff