class ApplicationController < ActionController::Base
include SessionPersistence
- # check_authorization
protect_from_forgery :with => :exception
end
def current_ability
- Ability.new(current_user).merge(granted_capabily)
+ Ability.new(current_user).merge(granted_capability)
end
- def granted_capabily
+ def granted_capability
Capability.new(current_user, current_token)
end
def deny_access(_exception)
- if current_user
+ if current_token
set_locale
report_error t("oauth.permissions.missing"), :forbidden
+ elsif current_user
+ set_locale
+ report_error t("application.permission_denied"), :forbidden
+ elsif request.get?
+ redirect_to :controller => "users", :action => "login", :referer => request.fullpath
else
- require_user
+ head :forbidden
end
end