Pass user to ApiAbility

[rails.git] / app / controllers / api_controller.rb

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 5faa39165d089a249179b506ddaf9ee5dea6dedb..27f262d00341aa8cabfcf7e5d54e6c11f0541c95 100644 (file)
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -65,9 +65,10 @@ class ApiController < ApplicationController
   def current_ability
     # Use capabilities from the oauth token if it exists and is a valid access token
     if doorkeeper_token&.accessible?
-      ApiAbility.new(doorkeeper_token)
+      user = User.find(doorkeeper_token.resource_owner_id)
+      ApiAbility.new(user, doorkeeper_token)
     else
-      ApiAbility.new(nil)
+      ApiAbility.new(nil, nil)
     end
   end