New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move to CanCanCan for authorization #2023
Merged
Merged
Changes from 1 commit
Commits
Show all changes
29 commits
Select commit
Hold shift + click to select a range
ffa65d4
Add cancancan and the first ability definitions for site_controller
gravitystorm 2ab3d56
don't check authorization everywhere
cflipse b16aa11
fix tests for site controller
cflipse 6da3ece
use token in ability checks
cflipse 6b44a19
use a controller method to handle cancan denials
cflipse 5232914
Implement the cancan filters for diary entries
cflipse ac7c45b
add test helper to set oauth tokens
cflipse 060c686
Use cancancan to authorize user_preference_controller
cflipse 2a44ff5
fix and improve ability coverage to account for tokens
cflipse 464c7f8
Update capabilities check to actually reflect the existing logic
cflipse 4d20a2c
Authorize actions on GeocoderController with CanCanCan Ability
benreyn 91fc65a
separate ability and capability
cflipse 25256a4
Make rubocop happy
cflipse 420a728
Merge branch 'authz' of https://github.com/rubyforgood/openstreetmap-…
gravitystorm f8f7ab1
Change abilities based on upstream renamings
gravitystorm fb2c1f6
Refactor site#welcome to use abilities instead of require_user
gravitystorm 901c29a
Fix typo in method name
gravitystorm dfb9e40
Move issues and reports to authorization system
gravitystorm 8360f27
Refactor to show the Issues link based on the calculated permissions
gravitystorm b7baa2c
Remove temporary development code
gravitystorm ce761b3
Combine site permissions declarations
gravitystorm a50ad1c
Rework the default denied access handler to give different responses …
gravitystorm 71b21ec
Rework capabilities to avoid assumptions about missing tokens
gravitystorm 0888f43
Check the oauth token and then use the capabilities directly
gravitystorm f11221f
Merge branch 'master' into cancancan
gravitystorm 149c07f
Remove unnecessary token granting from the user_preferences tests
gravitystorm 4161959
Add testing for moderator users and issues
gravitystorm 7a177cb
Fix error messages when users should not be able to do things
gravitystorm 8c269ab
Move abilities to a sepatarate top level directory
tomhughes File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Obviously similar comments apply here as with
Ability
but this one I think is something of your invention as I don't see it mentioned in the documentation?I wonder if this is even needed - given we are overriding
current_ability
could we not pass both the user and token toAbility
and have it do everything?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't have any views on this, beyond what @cflipse wrote in the commit message when he split them out.
To be blunt, I don't yet have a good understanding of how all the tokens stuff works, so I'm happy to take direction here. My experience elsewhere is just with straightforward approaches around having a current_user with particular roles, and our token handling here is more complex.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's been a while. IIRC, the capabilities reflect permissions granted to the application -- so, if it's making a request to access your GPS, and you say "yes", then you've granted the app that capability. Another common example is when you OAuth login and the system asks for permission to read your contact lists.
This is, more or less, inverse of the CanCanCan's normal idea of an Ability, which is the app deciding if the user has permission to do something; Capability is the user deciding if the app has permission to do something. (Capability was an inherited name, I suspect that something better could be determined) The end result of the calculation is the same, but separating them helps to keep them from getting too crossed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The name capability comes from us - it was something we built on top of OAuth 1 to associate a token with a set of things it was allowed to do.
OAuth 2 has something similar built in but calls them scopes where when an application requests a token it indicates what scopes it wants access to.