Pass scopes instead of token to ApiAbility

2025-02-12 18:13:56 +03:00 · 2025-02-12 18:13:56 +03:00 · 77a2657d33
commit 77a2657d33
parent 304e0ef638
4 changed files with 55 additions and 60 deletions
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@ -66,9 +66,10 @@ class ApiController < ApplicationController
    # Use capabilities from the oauth token if it exists and is a valid access token
    if doorkeeper_token&.accessible?
      user = User.find(doorkeeper_token.resource_owner_id)
-      ApiAbility.new(user, doorkeeper_token)
+      scopes = Set.new doorkeeper_token.scopes
+      ApiAbility.new(user, scopes)
    else
-      ApiAbility.new(nil, nil)
+      ApiAbility.new(nil, Set.new)
    end
  end