Add an ability to see redacted versions

app/abilities/ability.rb

@@ -54,6 +54,7 @@ def initialize(user)
         can [:index, :create, :destroy], UserMute
 
         if user.moderator?
+          can :show_redactions, [:browse, OldNode, OldWay, OldRelation]
           can [:hide, :unhide, :hidecomment, :unhidecomment], DiaryEntry
           can [:index, :show, :resolve, :ignore, :reopen], Issue
           can :create, IssueComment

app/controllers/browse_controller.rb

@@ -6,7 +6,7 @@ class BrowseController < ApplicationController
   before_action -> { check_database_readable(:need_api => true) }
   before_action :require_oauth
   before_action :update_totp, :only => [:query]
-  before_action :require_moderator_for_unredacted_history, :only => [:relation_history, :way_history, :node_history]
+  before_action -> { authorize! :show_redactions, :browse if params[:show_redactions] }, :only => [:relation_history, :way_history, :node_history]
   around_action :web_timeout
   authorize_resource :class => false
 
@@ -59,10 +59,4 @@ def node_history
   end
 
   def query; end
-
-  private
-
-  def require_moderator_for_unredacted_history
-    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
-  end
 end

app/controllers/old_nodes_controller.rb

@@ -7,8 +7,8 @@ class OldNodesController < ApplicationController
   before_action :require_oauth
 
   authorize_resource
+  before_action -> { authorize! :show_redactions, OldNode if params[:show_redactions] }
 
-  before_action :require_moderator_for_unredacted_history
   around_action :web_timeout
 
   def show
@@ -17,10 +17,4 @@ def show
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
-
-  private
-
-  def require_moderator_for_unredacted_history
-    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
-  end
 end

app/controllers/old_relations_controller.rb

@@ -7,8 +7,8 @@ class OldRelationsController < ApplicationController
   before_action :require_oauth
 
   authorize_resource
+  before_action -> { authorize! :show_redactions, OldRelation if params[:show_redactions] }
 
-  before_action :require_moderator_for_unredacted_history
   around_action :web_timeout
 
   def show
@@ -17,10 +17,4 @@ def show
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
-
-  private
-
-  def require_moderator_for_unredacted_history
-    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
-  end
 end

app/controllers/old_ways_controller.rb

@@ -7,8 +7,8 @@ class OldWaysController < ApplicationController
   before_action :require_oauth
 
   authorize_resource
+  before_action -> { authorize! :show_redactions, OldWay if params[:show_redactions] }
 
-  before_action :require_moderator_for_unredacted_history
   around_action :web_timeout
 
   def show
@@ -17,10 +17,4 @@ def show
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
-
-  private
-
-  def require_moderator_for_unredacted_history
-    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
-  end
 end