Merge remote-tracking branch 'upstream/pull/2192'

2019-03-27 18:19:08 +00:00 · 2019-03-27 18:19:08 +00:00 · dbbbd62ef1
commit dbbbd62ef1
parent 69b952ae78 7b057545c0
8 changed files with 165 additions and 77 deletions
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@ -16,6 +16,15 @@ class ApiController < ApplicationController
    end
  end

+  def current_ability
+    # Use capabilities from the oauth token if it exists and is a valid access token
+    if Authenticator.new(self, [:token]).allow?
+      ApiAbility.new(nil).merge(ApiCapability.new(current_token))
+    else
+      ApiAbility.new(current_user)
+    end
+  end
+
  def deny_access(_exception)
    if current_token
      set_locale
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -329,12 +329,7 @@ class ApplicationController < ActionController::Base
  end

  def current_ability
-    # Use capabilities from the oauth token if it exists and is a valid access token
-    if Authenticator.new(self, [:token]).allow?
-      Ability.new(nil).merge(Capability.new(current_token))
-    else
-      Ability.new(current_user)
-    end
+    Ability.new(current_user)
  end

  def deny_access(_exception)