X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/c47a40c1db59f0d0f836fbcd1b876390befe796e..47a8907e2a622804ac400be8f4e7ec611f006c87:/app/controllers/api_controller.rb?ds=sidebyside

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 17c98fe8b..23f35a40e 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -65,9 +65,9 @@ class ApiController < ApplicationController
   def current_ability
     # Use capabilities from the oauth token if it exists and is a valid access token
     if doorkeeper_token&.accessible?
-      ApiAbility.new(nil).merge(ApiCapability.new(doorkeeper_token))
+      ApiAbility.new(doorkeeper_token)
     else
-      ApiAbility.new(current_user)
+      ApiAbility.new(nil)
     end
   end
 
@@ -170,4 +170,10 @@ class ApiController < ApplicationController
 
     raise OSM::APIRateLimitExceeded if new_changes > max_changes
   end
+
+  def scope_enabled?(scope)
+    doorkeeper_token&.includes_scope?(scope)
+  end
+
+  helper_method :scope_enabled?
 end