[openstreetmap/openstreetmap-website] WIP: Move to CanCanCan for authorization (#2023)
Andy Allan
notifications at github.com
Wed Oct 10 14:55:27 UTC 2018
Resolves #1626. Builds on and replaces #1904
I've taken #1904, brought it up to date, resolved a couple of things that I'd noticed, and added a few more refactorings, including the first use of `can?` in the views.
At this point, do we want to merge what we have already and then refactor the rest of the controllers in subsequent PRs, or should we wait until we're ready with a comprehensive PR that covers all controllers?
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/2023
-- Commit Summary --
* Add cancancan and the first ability definitions for site_controller
* don't check authorization everywhere
* fix tests for site controller
* use token in ability checks
* use a controller method to handle cancan denials
* Implement the cancan filters for diary entries
* add test helper to set oauth tokens
* Use cancancan to authorize user_preference_controller
* fix and improve ability coverage to account for tokens
* Authorize actions on GeocoderController with CanCanCan Ability
* Update capabilities check to actually reflect the existing logic
* separate ability and capability
* Make rubocop happy
* Merge branch 'authz' of https://github.com/rubyforgood/openstreetmap-website into rubyforgood-authz
* Change abilities based on upstream renamings
* Refactor site#welcome to use abilities instead of require_user
* Fix typo in method name
* Move issues and reports to authorization system
* Refactor to show the Issues link based on the calculated permissions
* Remove temporary development code
-- File Changes --
M Gemfile (1)
M Gemfile.lock (2)
M app/controllers/application_controller.rb (19)
M app/controllers/diary_entry_controller.rb (31)
M app/controllers/issue_comments_controller.rb (10)
M app/controllers/issues_controller.rb (11)
M app/controllers/reports_controller.rb (3)
M app/controllers/site_controller.rb (3)
M app/controllers/user_preferences_controller.rb (5)
A app/models/ability.rb (57)
A app/models/capability.rb (21)
M app/views/layouts/_header.html.erb (2)
M test/controllers/user_preferences_controller_test.rb (5)
A test/models/abilities_test.rb (65)
A test/models/capability_test.rb (51)
M test/test_helper.rb (10)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/2023.patch
https://github.com/openstreetmap/openstreetmap-website/pull/2023.diff