From bd254a3d1881e761161977dbdc9ac7e3f062bda7 Mon Sep 17 00:00:00 2001
From: Martin Fenner
Date: Wed, 16 Dec 2020 19:25:51 +0100
Subject: [PATCH] show sensitive information when using jwt for password reset. #687
---
 app/models/ability.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index f9d653c54..5846c7fee 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -164,12 +164,12 @@ def initialize(user)
 end
 elsif user.role_id == "temporary"
 can %i[read], Provider
- can %i[update], Provider, symbol: "ADMIN" if user.uid == "admin"
+ can %i[update read_contact_information], Provider, symbol: "ADMIN" if user.uid == "admin"
 if user.provider_id.present?
- can %i[update], Provider, symbol: user.provider_id.upcase
+ can %i[update read_contact_information], Provider, symbol: user.provider_id.upcase
 end
 if user.client_id.present?
- can %i[read update], Client, symbol: user.client_id.upcase
+ can %i[read update read_contact_information], Client, symbol: user.client_id.upcase
 end
 can %i[read], Doi, client_id: user.client_id if user.client_id.present?
 can %i[read get_url], Doi
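Review bot: The three `read_contact_information` grants added to the `temporary` branch ship without a spec (the diffstat lists only app/models/ability.rb), so nothing pins that a password-reset JWT can read contact details solely for the provider or client named in its own claims. An ability spec covering the negative case, where a temporary user with one provider_id is not able to `read_contact_information` on a different Provider or Client, would guard the `symbol:` scoping against later edits. The branch would also benefit from a comment such as `# temporary = password-reset JWT; contact fields are exposed only for the token's own provider/client`, assuming that is what the role represents, as the subject line suggests. Since this token now unlocks contact data as well as `update`, it is worth confirming that it is short-lived. `initialize` starts and ends outside this hunk, so the token-issuing side is not visible here.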