[openstreetmap/openstreetmap-website] Move to CanCanCan for authorization (#2023)

Chris Flipse notifications at github.com
Thu Nov 1 15:14:06 UTC 2018

cflipse commented on this pull request.

> @@ -0,0 +1,21 @@
+# frozen_string_literal: true
+class Capability

It's been a while.  IIRC, the capabilities reflect permissions granted to the application -- so, if it's making a request to access your GPS, and you say "yes", then you've granted the app that capability.  Another common example is when you OAuth login and the system asks for permission to read your contact lists.

This is, more or less, inverse of the CanCanCan's normal idea of an Ability, which is the app deciding if the user has permission to do something; Capability is the user deciding if the app has permission to do something.  (Capability was an inherited name, I suspect that something better could be determined)  The end result of the calculation is the same, but separating them helps to keep them from getting too crossed.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20181101/ccb81dec/attachment.html>

More information about the rails-dev mailing list