before_action :check_api_readable
+ around_action :api_call_handle_error, :api_call_timeout
+
private
##
def current_ability
# Use capabilities from the oauth token if it exists and is a valid access token
if doorkeeper_token&.accessible?
- ApiAbility.new(nil).merge(ApiCapability.new(doorkeeper_token))
+ ApiAbility.new(doorkeeper_token)
else
- ApiAbility.new(current_user)
+ ApiAbility.new(nil)
end
end
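Review bot: The `else` branch now returns `ApiAbility.new(nil)` instead of `ApiAbility.new(current_user)`, so a request without a valid token is treated as anonymous even when a signed-in browser session is present, and nothing in the method records that this is intentional. A maintainer reading only the comment on the `if` branch could plausibly restore `current_user` and reintroduce session-based API access, which is presumably the exposure this change is meant to close. I would add above the `else` a comment such as `# No valid token: treat the request as anonymous. API requests never inherit the identity of the browser session.`. The first branch also now hands the constructor a token rather than a user, so ApiAbility presumably accepts either a token or nil; that contract belongs in ApiAbility's own documentation, which is outside this hunk.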
report_error message, :bad_request
rescue OSM::APIError => e
report_error e.message, e.status
- rescue AbstractController::ActionNotFound => e
+ rescue AbstractController::ActionNotFound, CanCan::AccessDenied => e
raise
rescue StandardError => e
logger.info("API threw unexpected #{e.class} exception: #{e.message}")