use token in ability checks

[rails.git] / app / controllers / application_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5f88eb9833968f9481c10fe665cbbad1c76173fd..84adc1a32d287d4e34b4b0544f2f52efd72f8d0d 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -473,6 +473,10 @@ class ApplicationController < ActionController::Base
     # ...
   end
 
+  def current_ability
+    @current_ability ||= Ability.new(current_user, current_token)
+  end
+
   private
 
   # extract authorisation credentials from headers, returns user = nil if none