[openstreetmap/openstreetmap-website] WIP: Move to CanCanCan for authorization (#2023)
Andy Allan
notifications at github.com
Wed Oct 17 12:07:30 UTC 2018
gravitystorm commented on this pull request.
> @@ -466,6 +468,23 @@ def better_errors_allow_inline
raise
end
+ def current_ability
+ Ability.new(current_user).merge(granted_capability)
+ end
+
+ def granted_capability
+ Capability.new(current_user, current_token)
+ end
+
+ def deny_access(_exception)
+ if current_user
I'm in general happy with telling people that they don't have permission (rather than what permission they need) to avoid all the special case overrides. I agree there's something not quite right on handling tokens vs current_user here.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/2023#discussion_r225896598
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20181017/d64d59c2/attachment.html>
More information about the rails-dev
mailing list