<p>As an update, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="368707380" data-permission-text="Issue title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/2023" data-hovercard-type="pull_request" data-hovercard-url="/openstreetmap/openstreetmap-website/pull/2023/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/pull/2023">#2023</a> is coming together, and I hope we can resolve any remaining aspects soon and get it merged. For reference, the process after that will be roughly:</p>
<ul>
<li>Refactor various controllers to remove the need for <code>require_moderator</code> and <code>require_administrator</code>. These can be checked with the abilities instead.</li>
<li>Refactor various controllers and views to remove role checks e.g. <code>if current_user.moderator?</code>, and replace with permission checks e.g. <code>can? :delete @note</code>.</li>
<li>Refactor remaining controllers to avoid needing the <code>require_user</code> filter</li>
<li>Review the need for <code>require_cability</code> and friends, and migrate to using the new capabilities approach</li>
<li>Mark any other controllers as not needing authorization, and then add <code>check_authorization</code> to application controller</li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/issues/1626#issuecomment-432706366">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABWnLYXIH5cs88YfoH72nXhqMiCgYuycks5uoIgLgaJpZM4PHh-a">mute the thread</a>.<img src="https://github.com/notifications/beacon/ABWnLQB5EcFdi81vmkSVwIs9CkAwAD0dks5uoIgLgaJpZM4PHh-a.gif" height="1" width="1" alt="" /></p>
<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/openstreetmap/openstreetmap-website","title":"openstreetmap/openstreetmap-website","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/openstreetmap/openstreetmap-website"}},"updates":{"snippets":[{"icon":"PERSON","message":"@gravitystorm in #1626: As an update, #2023 is coming together, and I hope we can resolve any remaining aspects soon and get it merged. For reference, the process after that will be roughly:\r\n\r\n* Refactor various controllers to remove the need for `require_moderator` and `require_administrator`. These can be checked with the abilities instead.\r\n* Refactor various controllers and views to remove role checks e.g. `if current_user.moderator?`, and replace with permission checks e.g. `can? :delete @note`.\r\n* Refactor remaining controllers to avoid needing the `require_user` filter\r\n* Review the need for `require_cability` and friends, and migrate to using the new capabilities approach\r\n* Mark any other controllers as not needing authorization, and then add `check_authorization` to application controller"}],"action":{"name":"View Issue","url":"https://github.com/openstreetmap/openstreetmap-website/issues/1626#issuecomment-432706366"}}}</script>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/issues/1626#issuecomment-432706366",
"url": "https://github.com/openstreetmap/openstreetmap-website/issues/1626#issuecomment-432706366",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
},
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"hideOriginalBody": "false",
"originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB",
"title": "Re: [openstreetmap/openstreetmap-website] Use an authorisation framework (#1626)",
"sections": [
{
"text": "",
"activityTitle": "**Andy Allan**",
"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",
"activitySubtitle": "@gravitystorm",
"facts": [

]
}
],
"potentialAction": [
{
"name": "Add a comment",
"@type": "ActionCard",
"inputs": [
{
"isMultiLine": true,
"@type": "TextInput",
"id": "IssueComment",
"isRequired": false
}
],
"actions": [
{
"name": "Comment",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"openstreetmap/openstreetmap-website\",\n\"issueId\": 1626,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"
}
]
},
{
"name": "Close issue",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"openstreetmap/openstreetmap-website\",\n\"issueId\": 1626\n}"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/openstreetmap/openstreetmap-website/issues/1626#issuecomment-432706366"
}
],
"@type": "OpenUri",
"name": "View on GitHub"
},
{
"name": "Unsubscribe",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 253632410\n}"
}
],
"themeColor": "26292E"
}
]</script>