From 290231965e57c54346fb6f814f2851babcf379bd Mon Sep 17 00:00:00 2001
From: Martin Fenner <martin.fenner@datacite.org>
Date: Sat, 24 Aug 2019 07:48:31 +0200
Subject: [PATCH] permissions for password reset flow. datacite/datacite#832

---
 app/models/ability.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/app/models/ability.rb b/app/models/ability.rb
index e45c0a839..a09e5ecbd 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -104,6 +104,19 @@ def initialize(user)
       can [:read], Activity do |activity|
         activity.doi.findable?
       end
+    elsif user.role_id == "temporary"
+      can [:read, :update], Provider, :symbol => user.provider_id.upcase if user.provider_id.present?
+      can [:read, :update], Client, :symbol => user.client_id.upcase if user.client_id.present?
+      can [:read], Doi, :client_id => user.client_id if user.client_id.present?
+      can [:read, :get_url], Doi do |doi|
+        doi.findable?
+      end
+      can [:read], User, :id => user.id
+      can [:read], Phrase
+      can [:read], Researcher
+      can [:read], Activity do |activity|
+        activity.doi.findable?
+      end
     elsif user.role_id == "anonymous"
       can [:read, :get_url], Doi do |doi|
         doi.findable?