Check the oauth token and then use the capabilities directly

[rails.git] / app / models / capability.rb

diff --git a/app/models/capability.rb b/app/models/capability.rb
index db2d7171170745acda1dc9898411473b8808ef53..2a5c927748bbdb969b6d37e376a099374085bed4 100644 (file)
--- a/app/models/capability.rb
+++ b/app/models/capability.rb
@@ -3,19 +3,14 @@
 class Capability
   include CanCan::Ability
 
-  def initialize(user, token)
-    if user
-      can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
-      can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
-
-    end
+  def initialize(token)
+    can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
+    can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
   end
 
   private
 
-  # If a user provides no tokens, they've authenticated via a non-oauth method
-  # and permission to access to all capabilities is assumed.
   def capability?(token, cap)
-    token.nil? || token.read_attribute(cap)
+    token&.read_attribute(cap)
   end
 end