* feat: Add API token generation and authentication
This commit introduces API token generation and authentication for write operations.
- Adds a section to the user's profile edit page to generate and display an API token.
- Reuses the `authentications` table to store the API token, avoiding the need for a database migration.
- Implements token-based authentication for the API using the `Authorization: Token token=...` header.
- Enables write operations for all API resources and ensures they are protected by the new authentication mechanism.
- Adds feature and request specs to test the new functionality.
* Mark as editable
* Refactor
* WIP - Authentication
* Implement more test coverage
* Split 401 and 403
* Before Create hooks
* Update harvest specs, defaulting to the first plant part - this may not be right
* Update coverage
* Update coverage
* Rubocop
* Rubocop
* Rubocop
* Fix coverage
* For now, mark photos immutable again
* Fix specs
* Fix specs
* Rubocop
* Fix specs
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Daniel O'Connor <daniel.oconnor@gmail.com>
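
The `Authorization: Token token=...` check and the 401/403 split named in the commit message above, as an added example that is not code from this commit or project. The token store, the resource-owner map, the function names and the choice to store only SHA-256 digests of tokens are assumptions made for illustration.

```ruby
require "digest"

# Constructed sample data. Storing only a digest of each token is an assumption
# of this example; the commit message only says tokens live in `authentications`.
TOKEN_DIGESTS = {
  Digest::SHA256.hexdigest("constructed-token-alice") => 1,
  Digest::SHA256.hexdigest("constructed-token-bob")   => 2
}.freeze

# Constructed resources (hypothetical): resource id => owning member id.
RESOURCE_OWNERS = { 10 => 1, 11 => 2 }.freeze

# Simplified parser: accepts `Token token=abc` and `Token token="abc"` only.
TOKEN_HEADER = /\AToken\s+token=(?:"([^"\r\n]+)"|([^\s",]+))\z/

# Returns the presented credential, or nil when the header is absent,
# uses another scheme (e.g. Bearer), or is malformed.
def parse_token_header(header)
  match = TOKEN_HEADER.match(header.to_s.strip)
  match && (match[1] || match[2])
end

# Returns the member id for a valid token, nil otherwise. Looking up by
# digest means the raw secret is never compared byte by byte.
def authenticate(header)
  token = parse_token_header(header)
  token && TOKEN_DIGESTS[Digest::SHA256.hexdigest(token)]
end

# Status for a write request:
#   401 = no usable credential (caller is unknown)
#   403 = known caller, but the resource belongs to someone else
#   200 = known caller writing to their own resource
def authorize_write(header, resource_id)
  member_id = authenticate(header)
  return 401 if member_id.nil?
  return 403 unless RESOURCE_OWNERS[resource_id] == member_id
  200
end
```

Keeping 401 and 403 distinct lets API clients tell "re-send with a valid token" apart from "this token will never be allowed to write here".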
The 'add a bio' link on the member profile page was previously shown
based on the `can? :edit, @member` ability check. This caused an issue
for admins, who could see the link on other users' profiles, but the
link would incorrectly lead to their own settings page.
This change modifies the condition to be `member_signed_in? && current_member == @member`.
This ensures the link is only displayed when a logged-in user is
viewing their own profile, which is the correct and intended behavior.