# no auth, the user does not exist or the password was wrong
response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
render :plain => errormessage, :status => :unauthorized
- return false
+ false
+ end
+ end
+
+ def current_ability
+ # Use capabilities from the oauth token if it exists and is a valid access token
+ if Authenticator.new(self, [:token]).allow?
+ ApiAbility.new(nil).merge(ApiCapability.new(current_token))
+ else
+ ApiAbility.new(current_user)
end
end
def gpx_status
status = database_status
- status = :offline if status == :online && Settings.status == "gpx_offline"
+ status = "offline" if status == "online" && Settings.status == "gpx_offline"
status
end