1 # frozen_string_literal: true
# Pulls in CanCan's ability DSL; the `can` calls in initialize rely on it.
4 include CanCan::Ability
# Declares which UserPreference actions are permitted, gated by the capability
# flags on the token (checked through has_capability?).
#
# user  - not referenced on the lines visible here; this listing skips source
#         line 7 and the lines after 9, so its use cannot be confirmed.
# token - presumably the request's OAuth token, or nil; has_capability? treats
#         nil as holding every capability.
6 def initialize(user, token)
# Reading preferences requires the token's :allow_read_prefs flag.
8 can [:read, :read_one], UserPreference if has_capability?(token, :allow_read_prefs)
# Changing or deleting preferences requires the :allow_write_prefs flag.
9 can [:update, :update_one, :delete_one], UserPreference if has_capability?(token, :allow_write_prefs)
14 # If a user provides no tokens, they've authenticated via a non-OAuth method
15 # and permission to access all capabilities is assumed.
# Returns true when token is nil; otherwise returns whatever
# token.read_attribute(cap) yields for the named capability flag.
#
# NOTE(review): the nil branch fails open. It is only safe if callers pass nil
# solely for requests that authenticated by a non-OAuth method; a token that is
# missing, expired or failed to load must not arrive here as nil. Confirm
# against the callers, which are not shown.
16 def has_capability?(token, cap)
# cap is used directly as an attribute name on the token (presumably a boolean
# column; the token class is not shown). The visible callers pass literal
# symbols; keep it that way so request data never selects the attribute.
17 token.nil? || token.read_attribute(cap)