Disentangle the api abilities from the web abilities

[rails.git] / app / controllers / application_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5fc31adb8e8b99ccf7c74b5eb117c9dffeffa821..c880e6add00d756ec0b0d6c061a76d00bfa4e40c 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -95,14 +95,14 @@ class ApplicationController < ActionController::Base
   end
 
   def check_api_readable
-    if api_status == :offline
+    if api_status == "offline"
       report_error "Database offline for maintenance", :service_unavailable
       false
     end
   end
 
   def check_api_writable
-    unless api_status == :online
+    unless api_status == "online"
       report_error "Database offline for maintenance", :service_unavailable
       false
     end
@@ -110,21 +110,21 @@ class ApplicationController < ActionController::Base
 
   def database_status
     if Settings.status == "database_offline"
-      :offline
+      "offline"
     elsif Settings.status == "database_readonly"
-      :readonly
+      "readonly"
     else
-      :online
+      "online"
     end
   end
 
   def api_status
     status = database_status
-    if status == :online
+    if status == "online"
       if Settings.status == "api_offline"
-        status = :offline
+        status = "offline"
       elsif Settings.status == "api_readonly"
-        status = :readonly
+        status = "readonly"
       end
     end
     status
@@ -329,12 +329,7 @@ class ApplicationController < ActionController::Base
   end
 
   def current_ability
-    # Use capabilities from the oauth token if it exists and is a valid access token
-    if Authenticator.new(self, [:token]).allow?
-      Ability.new(nil).merge(Capability.new(current_token))
-    else
-      Ability.new(current_user)
-    end
+    Ability.new(current_user)
   end
 
   def deny_access(_exception)