From: Andy Allan Date: Wed, 2 Jan 2019 18:21:10 +0000 (+0100) Subject: Use CanCanCan for export controller X-Git-Tag: live~3279^2~5 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/44eea9dcaf42cdd0737ae9344e357901c9fe31b6?ds=inline Use CanCanCan for export controller --- diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb index 01af7eede..97a1c5d04 100644 --- a/app/abilities/ability.rb +++ b/app/abilities/ability.rb @@ -7,6 +7,7 @@ class Ability can :index, ChangesetComment can [:index, :permalink, :edit, :help, :fixthemap, :offline, :export, :about, :preview, :copyright, :key, :id], :site can [:index, :rss, :show, :comments], DiaryEntry + can [:finish, :embed], :export can [:search, :search_latlon, :search_ca_postcode, :search_osm_nominatim, :search_geonames, :search_osm_nominatim_reverse, :search_geonames_reverse], :geocoder can [:index, :create, :comment, :feed, :show, :search, :mine], Note diff --git a/app/controllers/export_controller.rb b/app/controllers/export_controller.rb index afdf4d8d7..18ac15c10 100644 --- a/app/controllers/export_controller.rb +++ b/app/controllers/export_controller.rb @@ -2,6 +2,7 @@ class ExportController < ApplicationController before_action :authorize_web before_action :set_locale before_action :update_totp, :only => [:finish] + authorize_resource :class => false caches_page :embed