Re: [openstreetmap/openstreetmap-website] Allow users to delete their own diary entries (PR #4540)

Tom Hughes via rails-dev Mon, 29 Jun 2026 12:24:20 -0700

@tomhughes commented on this pull request.



> @@ -43,7 +43,7 @@ def initialize(user)
         can :read, :dashboard
         can [:read, :update], [:preferences, :profile]
         can [:create, :subscribe, :unsubscribe], DiaryEntry
-        can :update, DiaryEntry, :user => user
+        can [:update, :hide, :unhide], DiaryEntry, :user => user

Ah no we do a manual check in the controller methods so yes I think you're 
right, because it needs the diary entry object  to get the user from for the 
check.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4540#discussion_r3494179280
You are receiving this because you are subscribed to this thread.

Message ID: 
<openstreetmap/openstreetmap-website/pull/4540/review/[email protected]>

_______________________________________________
rails-dev mailing list
[email protected]
https://lists.openstreetmap.org/listinfo/rails-dev

Re: [openstreetmap/openstreetmap-website] Allow users to delete their own diary entries (PR #4540)

Reply via email to