gem "record_tag_helper"
gem "rinku", ">= 1.2.2", :require => "rails_rinku"
gem "validates_email_format_of", ">= 1.5.1"
+gem "cancancan"
# Native OSM extensions
gem "quad_tile", "~> 1.0.1"
binding_of_caller (0.8.0)
debug_inspector (>= 0.0.1)
builder (3.2.3)
+ cancancan (2.1.3)
canonical-rails (0.2.3)
rails (>= 4.1, < 5.3)
capybara (2.18.0)
better_errors
bigdecimal (~> 1.1.0)
binding_of_caller
+ cancancan
canonical-rails
capybara (~> 2.13)
coffee-rails (~> 4.2)
class ApplicationController < ActionController::Base
include SessionPersistence
+ check_authorization
protect_from_forgery :with => :exception
raise
end
+ rescue_from CanCan::AccessDenied do |exception|
+ raise "Access denied on #{exception.action} #{exception.subject.inspect}"
+ # ...
+ end
+
private
# extract authorisation credentials from headers, returns user = nil if none
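Review bot: The `rescue_from CanCan::AccessDenied` handler re-raises a RuntimeError, so every authorization failure surfaces as an unhandled 500 instead of a 403, and the message embeds `exception.subject.inspect`, which dumps the denied record into logs and error pages; the trailing `# ...` suggests this is a placeholder. A minimal handler that does not leak the subject would be `rescue_from CanCan::AccessDenied do |exception| … head :forbidden end` (or render a forbidden page), with the action and subject logged at debug level at most. Note also that `check_authorization` on the base controller makes every action of every subclass raise `CanCan::AuthorizationNotPerformed` unless it calls `authorize!`/`authorize_resource` or is covered by `skip_authorization_check`; only the site and user controllers are touched on this page, so the remaining controllers presumably appear in hunks outside this view or would fail after this change. The enclosing class continues outside the hunk.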
before_action :set_locale
before_action :redirect_browse_params, :only => :index
before_action :redirect_map_params, :only => [:index, :edit, :export]
- before_action :require_user, :only => [:welcome]
before_action :require_oauth, :only => [:index]
before_action :update_totp, :only => [:index]
+ authorize_resource :class => false
+
def index
session[:location] ||= OSM.ip_location(request.env["REMOTE_ADDR"]) unless STATUS == :database_readonly || STATUS == :database_offline
end
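Review bot: `authorize_resource :class => false` authorizes every action of this controller against the `:site` symbol, but the Ability added in this diff grants only `:index` (everyone) and `:welcome` (logged-in users), so the other actions the filters on this page reference — `edit` and `export` at least — would raise `CanCan::AccessDenied` unless rules for them exist in hunks outside this view. Removing `before_action :require_user, :only => [:welcome]` also changes the unauthenticated path for `welcome`: presumably it previously redirected to login, whereas it now falls through to the `AccessDenied` handler. Either list the controller's full action set in `Ability`, e.g. `can [:index, :edit, :export], :site` extended with whatever other actions the controller defines, or keep the redirect-to-login behaviour for anonymous users in the handler. The controller's class header lies outside the hunk.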
class UserController < ApplicationController
layout "site", :except => [:api_details]
+ skip_authorization_check :only => [:login, :logout]
+
skip_before_action :verify_authenticity_token, :only => [:api_read, :api_details, :api_gpx_files, :auth_success]
before_action :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details]
before_action :authorize, :only => [:api_details, :api_gpx_files]
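Review bot: `skip_authorization_check :only => [:login, :logout]` covers just two actions, yet with `check_authorization` now on ApplicationController every other action of this controller — `api_read`, `api_details`, `api_gpx_files`, `auth_success`, `terms` and `save` are visible in the filters here — must call `authorize!` or `authorize_resource`, or it will raise `CanCan::AuthorizationNotPerformed` after running. No such call appears in this section, so either it lives in a hunk outside this view or these actions break. If the intent is a gradual roll-out, a temporary `skip_authorization_check` without `:only` (or with `:except` listing the actions already migrated) closes that gap until each action has a rule. The class body continues outside the hunk.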
--- /dev/null
+class Ability
+ include CanCan::Ability
+
+ def initialize(user)
+ can :index, :site
+
+ if user
+ can :welcome, :site
+ end
+ # Define abilities for the passed in user here. For example:
+ #
+ # user ||= User.new # guest user (not logged in)
+ # if user.admin?
+ # can :manage, :all
+ # else
+ # can :read, :all
+ # end
+ #
+ # The first argument to `can` is the action you are giving the user
+ # permission to do.
+ # If you pass :manage it will apply to every action. Other common actions
+ # here are :read, :create, :update and :destroy.
+ #
+ # The second argument is the resource the user can perform the action on.
+ # If you pass :all it will apply to every resource. Otherwise pass a Ruby
+ # class of the resource.
+ #
+ # The third argument is an optional hash of conditions to further filter the
+ # objects.
+ # For example, here the user can only update published articles.
+ #
+ # can :update, Article, :published => true
+ #
+ # See the wiki for details:
+ # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
+ end
+end
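Review bot: The generator boilerplate left after the `if user` block (`# Define abilities for the passed in user here. For example: …`) no longer matches the rules above it and should be replaced by a comment that explains the actual model, e.g. `# :site is the symbolic subject used by SiteController's authorize_resource :class => false; every action of that controller needs a matching rule here.` The guest branch reads better in modifier form, `can :welcome, :site if user`. It is also worth documenting on `initialize` that `user` is nil for anonymous requests, since the method branches on it.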