From: Tom Hughes Date: Wed, 12 Dec 2018 22:41:29 +0000 (+0000) Subject: Allow abilities that require no login for token based access X-Git-Tag: live~3349 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/eb7c4cdedd4f18ceb7362b0f1766f4a8b0dfca62 Allow abilities that require no login for token based access Fixes #2085 --- diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0411f75c4..d4bbc1f9b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -448,7 +448,7 @@ class ApplicationController < ActionController::Base def current_ability # Use capabilities from the oauth token if it exists and is a valid access token if Authenticator.new(self, [:token]).allow? - Capability.new(current_token) + Ability.new(nil).merge(Capability.new(current_token)) else Ability.new(current_user) end