X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/951564eed1c82ec1a435f4e4636db86d1b7604fc..0db30c611a99d62381217d86c5a0bd9d104efb42:/app/controllers/api_controller.rb?ds=sidebyside diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index 579af27cf..44efdc071 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -12,7 +12,16 @@ class ApiController < ApplicationController # no auth, the user does not exist or the password was wrong response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" render :plain => errormessage, :status => :unauthorized - return false + false + end + end + + def current_ability + # Use capabilities from the oauth token if it exists and is a valid access token + if Authenticator.new(self, [:token]).allow? + ApiAbility.new(nil).merge(ApiCapability.new(current_token)) + else + ApiAbility.new(current_user) end end