From: Chris Flipse
Date: Fri, 8 Jun 2018 20:58:49 +0000 (-0400)
Subject: use token in ability checks
X-Git-Tag: live~3397^2~15^2~9
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/6da3ece68354f77f626de8963770c0217048e19d
use token in ability checks
---
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5f88eb983..84adc1a32 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -473,6 +473,10 @@ class ApplicationController < ActionController::Base # ... end + def current_ability + @current_ability ||= Ability.new(current_user, current_token) + end + private # extract authorisation credentials from headers, returns user = nil if none
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 864225e8e..897316691 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -1,7 +1,9 @@ +# frozen_string_literal: true + class Ability include CanCan::Ability - def initialize(user) + def initialize(user, token) can :index, :site can [:permalink, :edit, :help, :fixthemap, :offline, :export, :about, :preview, :copyright, :key, :id, :welcome], :site
@@ -35,4 +37,8 @@ class Ability # See the wiki for details: # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities end + + def has_capability?(token, cap) + token && token.read_attribute(cap) + end end
diff --git a/test/models/abilities_test.rb b/test/models/abilities_test.rb
new file mode 100644
index 000000000..ab8458531
--- /dev/null
+++ b/test/models/abilities_test.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class AbilityTest < ActiveSupport::TestCase
+
+end
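Review bot: `current_ability` in app/controllers/application_controller.rb memoizes the `Ability` on first call, so if anything invokes it before the filters that populate `current_user` and `current_token` have run, the ability is built from nil credentials and reused for the rest of the request. That is only safe while the nil-user/nil-token path grants nothing extra, so the ordering assumption deserves a comment such as `# call only after authentication has set current_user and current_token`. The method is also added above the `private` marker, which makes it public on every controller and, in Rails, a potential action; placing it below `private` (or under `protected`) avoids that. `current_token` is not defined in this hunk, so I am assuming it exists elsewhere in the class.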
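Review bot: `Ability#initialize` in app/models/ability.rb now takes a required `token`, but the visible lines of the hunk never use it and the meaning of a nil token is not documented. A comment above the signature, for example `# token: the request's access token, or nil when none was presented`, together with one sentence on whether token-gated rules are withheld in the nil case, would make the authorization contract explicit. Because the parameter has no default, any remaining `Ability.new(user)` call will raise ArgumentError. The body of `initialize` continues outside this hunk, so the token may be consumed further down.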
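Review bot: `has_capability?` at the end of app/models/ability.rb hands `cap` straight to `token.read_attribute`, so any attribute name is accepted and any non-nil, non-false column value (an id, a timestamp, the token string) is treated as a granted capability. As this predicate gates authorization, check `cap` against a fixed list of capability columns and require a real boolean, e.g. `return false unless token && CAPABILITIES.include?(cap)` followed by `token.read_attribute(cap) == true`, where `CAPABILITIES` is a placeholder name for a constant the project would define. The method is public on `Ability` although it reads like an internal helper; moving it under `private` and dropping the `has_` prefix would match Ruby predicate naming. The nil-token path returns nil and therefore denies, which is the right default to keep.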
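Review bot: `AbilityTest` in test/models/abilities_test.rb is added with an empty body, so the new token parameter and `has_capability?` go in without a single assertion. The fail-closed cases are the ones worth pinning first: a nil token yields no capability, and a token that lacks a capability does not unlock the rule it gates. The file is named abilities_test.rb while the model file is ability.rb and the class is `AbilityTest`; `ability_test.rb` would follow the usual one-to-one naming.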