[openstreetmap/openstreetmap-website] Use CanCanCan for changeset comments (#2073)

Andy Allan notifications at github.com
Wed Nov 28 11:44:51 UTC 2018

This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.

I think in the long term, we'll have separate deny_access handlers for web and api requests using controller inheritance, but I think this works as an intermediate stage while we're refactoring. 
You can view, comment on, or merge this pull request online at:


-- Commit Summary --

  * Use CanCanCan for changeset comments

-- File Changes --

    M app/abilities/ability.rb (3)
    M app/abilities/capability.rb (5)
    M app/controllers/application_controller.rb (30)
    M app/controllers/changeset_comments_controller.rb (6)
    M test/abilities/capability_test.rb (42)
    A test/factories/access_tokens.rb (6)

-- Patch Links --


You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20181128/3a6c5f1d/attachment.html>

More information about the rails-dev mailing list