[openstreetmap/openstreetmap-website] Use CanCanCan for changesets controller (#2105)
Andy Allan
notifications at github.com
Wed Jan 9 11:43:44 UTC 2019
The expand_bbox method now needs `require_write_api` capability on tokens.
I'm not sure whether this omission was intended previously, but I think it makes sense to require it from now on. I think it's quite unlikely that anyone has been creating changesets with one token and expanding the bbox with another, less privileged token.
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/2105
-- Commit Summary --
* Use CanCanCan for changesets controller
-- File Changes --
M app/abilities/ability.rb (4)
M app/abilities/capability.rb (1)
M app/controllers/changesets_controller.rb (5)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/2105.patch
https://github.com/openstreetmap/openstreetmap-website/pull/2105.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/2105
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20190109/89309603/attachment-0001.html>
More information about the rails-dev
mailing list