]> git.openstreetmap.org Git - rails.git/blobdiff - app/abilities/api_capability.rb
Use resourceful routes for granting/revoking user roles
[rails.git] / app / abilities / api_capability.rb
index 44e67634552599c861f9320209e8a7810a155edd..d8be136438efded684104cbf9dfd0728b27221c8 100644 (file)
@@ -5,11 +5,7 @@ class ApiCapability
 
   def initialize(token)
     if Settings.status != "database_offline"
-      user = if token.respond_to?(:resource_owner_id)
-               User.find(token.resource_owner_id)
-             elsif token.respond_to?(:user)
-               token.user
-             end
+      user = User.find(token.resource_owner_id)
 
       if user&.active?
         can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes)
@@ -31,7 +27,7 @@ class ApiCapability
         if user.moderator?
           can [:destroy, :restore], ChangesetComment if scope?(token, :write_api)
           can :destroy, Note if scope?(token, :write_notes)
-          can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && (scope?(token, :write_api) || scope?(token, :write_redactions))
+          can :redact, [OldNode, OldWay, OldRelation] if user&.terms_agreed? && scope?(token, :write_redactions)
         end
       end
     end