]> git.openstreetmap.org Git - rails.git/blobdiff - app/abilities/api_ability.rb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Pass user to ApiAbility
[rails.git] / app / abilities / api_ability.rb
diff --git a/app/abilities/api_ability.rb b/app/abilities/api_ability.rb
index e774f6820df3f364c3d766f1c2bd25129f12a0dc..3bc82eab290b714670f41288ba47fccc03eda980 100644 (file)
--- a/app/abilities/api_ability.rb
+++ b/app/abilities/api_ability.rb
@@ -3,14 +3,12 @@
 class ApiAbility
   include CanCan::Ability
 
-  def initialize(token)
+  def initialize(user, token)
     can :read, [:version, :capability, :permission, :map]
 
     if Settings.status != "database_offline"
-      user = User.find(token.resource_owner_id) if token
-
       can [:read, :feed, :search], Note
-      can :create, Note unless token
+      can :create, Note unless user
 
       can [:read, :download], Changeset
       can :read, Tracepoint
The OpenStreetMap web site