Rework capabilities to avoid assumptions about missing tokens

[rails.git] / app / models / capability.rb

diff --git a/app/models/capability.rb b/app/models/capability.rb
index db2d7171170745acda1dc9898411473b8808ef53..72c5545cb4ec5a9b04d5e0c4b5d453765fa754cc 100644 (file)
--- a/app/models/capability.rb
+++ b/app/models/capability.rb
@@ -7,15 +7,12 @@ class Capability
     if user
       can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
       can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
-
     end
   end
 
   private
 
-  # If a user provides no tokens, they've authenticated via a non-oauth method
-  # and permission to access to all capabilities is assumed.
   def capability?(token, cap)
-    token.nil? || token.read_attribute(cap)
+    token&.read_attribute(cap)
   end
 end