X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/83425edd8da6a01047702cbb3ac8642f3ef452fa..68481fe7753432ffd3051ede15f7518b1c0d73c9:/app/controllers/api_controller.rb?ds=sidebyside

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 6ce8a0ef2..23f35a40e 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -65,9 +65,9 @@ class ApiController < ApplicationController
   def current_ability
     # Use capabilities from the oauth token if it exists and is a valid access token
     if doorkeeper_token&.accessible?
-      ApiAbility.new(nil).merge(ApiCapability.new(doorkeeper_token))
+      ApiAbility.new(doorkeeper_token)
     else
-      ApiAbility.new(current_user)
+      ApiAbility.new(nil)
     end
   end
 
@@ -144,8 +144,8 @@ class ApiController < ApplicationController
 
   ##
   # wrap an api call in a timeout
-  def api_call_timeout(&block)
-    Timeout.timeout(Settings.api_timeout, &block)
+  def api_call_timeout(&)
+    Timeout.timeout(Settings.api_timeout, &)
   rescue ActionView::Template::Error => e
     e = e.cause
 
@@ -170,4 +170,10 @@ class ApiController < ApplicationController
 
     raise OSM::APIRateLimitExceeded if new_changes > max_changes
   end
+
+  def scope_enabled?(scope)
+    doorkeeper_token&.includes_scope?(scope)
+  end
+
+  helper_method :scope_enabled?
 end