Move scope_enabled? to ApiController

[rails.git] / app / controllers / api_controller.rb

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 17c98fe8b657e4c52acf6133084a786110405d90..23f35a40eeaf73662765d1d8cf137f2605f40f9c 100644 (file)
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -65,9 +65,9 @@ class ApiController < ApplicationController
   def current_ability
     # Use capabilities from the oauth token if it exists and is a valid access token
     if doorkeeper_token&.accessible?
-      ApiAbility.new(nil).merge(ApiCapability.new(doorkeeper_token))
+      ApiAbility.new(doorkeeper_token)
     else
-      ApiAbility.new(current_user)
+      ApiAbility.new(nil)
     end
   end
 
@@ -170,4 +170,10 @@ class ApiController < ApplicationController
 
     raise OSM::APIRateLimitExceeded if new_changes > max_changes
   end
+
+  def scope_enabled?(scope)
+    doorkeeper_token&.includes_scope?(scope)
+  end
+
+  helper_method :scope_enabled?
 end