From: Andy Allan Date: Wed, 9 Jan 2019 14:27:29 +0000 (+0100) Subject: Use CanCanCan for messages controller X-Git-Tag: live~3267^2~1 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/425f42dd8008d9962c7bee0cadfbdcf33e1f4f95?hp=-c Use CanCanCan for messages controller --- 425f42dd8008d9962c7bee0cadfbdcf33e1f4f95 diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb index 1fcf6cbee..c4ea4ef8f 100644 --- a/app/abilities/ability.rb +++ b/app/abilities/ability.rb @@ -17,6 +17,7 @@ class Ability if user can :welcome, :site can [:create, :edit, :comment, :subscribe, :unsubscribe], DiaryEntry + can [:new, :create, :reply, :show, :inbox, :outbox, :mark, :destroy], Message can [:close, :reopen], Note can [:new, :create], Report can [:account, :go_public, :make_friend, :remove_friend, :api_details, :api_gpx_files], User diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index c93c998f0..dce0099e5 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -3,7 +3,9 @@ class MessagesController < ApplicationController before_action :authorize_web before_action :set_locale - before_action :require_user + + authorize_resource + before_action :lookup_user, :only => [:new, :create] before_action :check_database_readable before_action :check_database_writable, :only => [:new, :create, :reply, :mark, :destroy]