Restrict ability to create authentications.

2026-05-19 06:15:44 -04:00 · 2013-04-09 17:19:38 +01:00
parent 89d8390a6f
commit 0697d5a5ea
1 changed files with 5 additions and 0 deletions
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -43,6 +43,11 @@ class Ability
        can :manage, ScientificName
      end

+      # can create/update/destroy their own authentications against other sites.
+      can :create, Authentication
+      can :update, Authentication, :member_id => member.id
+      can :destroy, Authentication, :member_id => member.id
+
      # anyone can create a post, or comment on a post,
      # but only the author can edit/destroy it.
      can :create, Post