Re: [openstreetmap/openstreetmap-website] Message read_mark and mute resources (PR #5536)

Anton Khorev via rails-dev Thu, 23 Jan 2025 18:15:11 -0800

@AntonKhorev commented on this pull request.



> @@ -43,7 +43,7 @@ def initialize(user)
         can :update, DiaryEntry, :user => user
         can [:create], DiaryComment
         can [:show, :create, :destroy], Follow
-        can [:read, :create, :mark, :unmute, :destroy], Message
+        can :manage, Message

And it didn't because `:manage` grants all abilities.

Rewrote it to not use `:manage`. Marks and mutes now authorize messages as 
parent resources, which means they check `:show` (included in `:read`) on 
messages.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5536#discussion_r1927991449
You are receiving this because you are subscribed to this thread.

Message ID: 
<openstreetmap/openstreetmap-website/pull/5536/review/2571500...@github.com>

_______________________________________________
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev

Re: [openstreetmap/openstreetmap-website] Message read_mark and mute resources (PR #5536)

Reply via email to