Disentangle the api abilities from the web abilities
[rails.git] / app / controllers / application_controller.rb
index 3ab09b63d805bc67899c6e54dabeac86f7d5fa69..c880e6add00d756ec0b0d6c061a76d00bfa4e40c 100644 (file)
@@ -329,12 +329,7 @@ class ApplicationController < ActionController::Base
   end
 
   def current_ability
-    # Use capabilities from the oauth token if it exists and is a valid access token
-    if Authenticator.new(self, [:token]).allow?
-      Ability.new(nil).merge(Capability.new(current_token))
-    else
-      Ability.new(current_user)
-    end
+    Ability.new(current_user)
   end
 
   def deny_access(_exception)
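Review bot: With the token branch removed, `current_ability` returns `Ability.new(current_user)` for every controller that inherits this method, so OAuth token scopes are no longer consulted here. If any such controller can still populate `current_user` from an access token (not visible in this hunk), a narrowly scoped token would be authorized with the user's full web abilities rather than `Ability.new(nil)` merged with its `Capability`. I would state the invariant on the method, e.g. `# Session-authenticated web requests only; token-authenticated controllers must override this and apply Capability`, and add a controller test asserting that a token-bearing request to a web action is denied or treated as a guest. The API-side override this depends on is presumably elsewhere in the commit and should be confirmed before merging.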