Update capabilities check to actually reflect the existing logic
The OAuth capabilities are essentially user permissions that have been granted to the app. If the user authenticates through a non-oauth method, they are assumed to have granted all capabilities to the app.
parent 2a44ff581f
commit 464c7f863e
2 changed files with 11 additions and 1 deletions
|
@ -49,7 +49,9 @@ class Ability
|
|||
# https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
|
||||
end
|
||||
|
||||
# If a user provides no tokens, they've authenticated via a non-oauth method
|
||||
# and permission to access to all capabilities is assumed.
|
||||
def has_capability?(token, cap)
|
||||
token && token.read_attribute(cap)
|
||||
token.nil? || token.read_attribute(cap)
|
||||
end
|
||||
end
|
||||
|
|
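Review bot: In `has_capability?`, the replacement line `token.nil? || token.read_attribute(cap)` makes a nil token grant every capability, so the check fails open: the method cannot tell a session that authenticated through a non-OAuth method from a call site where the token argument is nil for any other reason. Consider having callers signal the authentication method explicitly (a separate argument or a distinct sentinel for non-OAuth sessions) and treating a bare nil as a denial, and cover the nil-token path with a test so the intended behaviour is pinned down. Minor: the new comment reads "permission to access to all capabilities"; drop the second "to".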