can [:create, :edit, :comment, :subscribe, :unsubscribe], DiaryEntry
+ can [:read, :read_one], UserPreference if has_capability?(token, :allow_read_prefs)
+ can [:update, :update_one, :delete_one], UserPreference if has_capability?(token, :allow_write_prefs)
+
if user.administrator?
can [:hide, :hidecomment], [DiaryEntry, DiaryComment]
end
# https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
end
+ # If a user provides no tokens, they've authenticated via a non-oauth method
+ # and permission to access to all capabilities is assumed.
def has_capability?(token, cap)
- token && token.read_attribute(cap)
+ token.nil? || token.read_attribute(cap)
end
end