[openstreetmap/openstreetmap-website] Message read_mark and mute resources (PR #5536)
Anton Khorev
notifications at github.com
Fri Jan 24 02:13:27 UTC 2025
@AntonKhorev commented on this pull request.
> @@ -43,7 +43,7 @@ def initialize(user)
can :update, DiaryEntry, :user => user
can [:create], DiaryComment
can [:show, :create, :destroy], Follow
- can [:read, :create, :mark, :unmute, :destroy], Message
+ can :manage, Message
And it didn't because `:manage` grants all abilities.
Rewrote it to not use `:manage`. Marks and mutes now authorize messages as parent resources, which means they check `:show` (included in `:read`) on messages.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5536#discussion_r1927991449
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/5536/review/2571500682 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20250123/8fed70ba/attachment.htm>
More information about the rails-dev
mailing list