Use CanCanCan for nodes, ways, relations, old and api controllers

[rails.git] / app / controllers / api_controller.rb

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 90883376c97d7af2cf8239b582baea67d576b7e9..3273665d232cf05679b05b60814a4dd5ef09ed2c 100644 (file)
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -1,5 +1,9 @@
 class ApiController < ApplicationController
   skip_before_action :verify_authenticity_token
+  before_action :api_deny_access_handler
+
+  authorize_resource :class => false
+
   before_action :check_api_readable, :except => [:capabilities]
   before_action :setup_user_auth, :only => [:permissions]
   around_action :api_call_handle_error, :api_call_timeout