<p><span class="issue-keyword tooltipped tooltipped-se" aria-label="This pull request closes issue #1626.">Resolves</span> <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="254033085" data-permission-text="Issue title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/1626" data-hovercard-type="issue" data-hovercard-url="/openstreetmap/openstreetmap-website/issues/1626/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/issues/1626">#1626</a>. Builds on and replaces <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="333082344" data-permission-text="Issue title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/1904" data-hovercard-type="pull_request" data-hovercard-url="/openstreetmap/openstreetmap-website/pull/1904/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/pull/1904">#1904</a></p>
<p>I've taken <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="333082344" data-permission-text="Issue title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/1904" data-hovercard-type="pull_request" data-hovercard-url="/openstreetmap/openstreetmap-website/pull/1904/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/pull/1904">#1904</a>, brought it up to date, and resolved a couple of things that I'd noticed and added a few more refactorings, including the first use of the <code>can?</code> in the views.</p>
<p>At this point, do we want to merge what we have already and then refactor the rest of the controllers in subsequent PRs, or should we wait until we're ready with a comprehensive PR that covers all controllers?</p>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>  <a href='https://github.com/openstreetmap/openstreetmap-website/pull/2023'>https://github.com/openstreetmap/openstreetmap-website/pull/2023</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>Add cancancan and the first ability definitions for site_controller</li>
  <li>don't check authorization everywhere</li>
  <li>fix tests for site controller</li>
  <li>use token in ability checks</li>
  <li>use a controller method to handle cancan denials</li>
  <li>Implement the cancan filters for diary entries</li>
  <li>add test helper to set oauth tokens</li>
  <li>Use cancancan to authorize user_preference_controller</li>
  <li>fix and improve ability coverage to account for tokens</li>
  <li>Authorize actions on GeocoderController with CanCanCan Ability</li>
  <li>Update capabilities check to actually reflect the existing logic</li>
  <li>separate ability and capability</li>
  <li>Make rubocop happy</li>
  <li>Merge branch 'authz' of https://github.com/rubyforgood/openstreetmap-website into rubyforgood-authz</li>
  <li>Change abilities based on upstream renamings</li>
  <li>Refactor site#welcome to use abilities instead of require_user</li>
  <li>Fix typo in method name</li>
  <li>Move issues and reports to authorization system</li>
  <li>Refactor to show the Issues link based on the calculated permissions</li>
  <li>Remove temporary development code</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-0">Gemfile</a>
    (1)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-1">Gemfile.lock</a>
    (2)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-2">app/controllers/application_controller.rb</a>
    (19)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-3">app/controllers/diary_entry_controller.rb</a>
    (31)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-4">app/controllers/issue_comments_controller.rb</a>
    (10)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-5">app/controllers/issues_controller.rb</a>
    (11)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-6">app/controllers/reports_controller.rb</a>
    (3)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-7">app/controllers/site_controller.rb</a>
    (3)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-8">app/controllers/user_preferences_controller.rb</a>
    (5)
  </li>
  <li>
    <strong>A</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-9">app/models/ability.rb</a>
    (57)
  </li>
  <li>
    <strong>A</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-10">app/models/capability.rb</a>
    (21)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-11">app/views/layouts/_header.html.erb</a>
    (2)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-12">test/controllers/user_preferences_controller_test.rb</a>
    (5)
  </li>
  <li>
    <strong>A</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-13">test/models/abilities_test.rb</a>
    (65)
  </li>
  <li>
    <strong>A</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-14">test/models/capability_test.rb</a>
    (51)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2023/files#diff-15">test/test_helper.rb</a>
    (10)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/2023.patch'>https://github.com/openstreetmap/openstreetmap-website/pull/2023.patch</a></li>
  <li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/2023.diff'>https://github.com/openstreetmap/openstreetmap-website/pull/2023.diff</a></li>
</ul>
