end
def current_ability
- # Add in capabilities from the oauth token if it exists and is a valid access token
+ # Use capabilities from the oauth token if it exists and is a valid access token
if Authenticator.new(self, [:token]).allow?
- Ability.new(current_user).merge(Capability.new(current_token))
+ Capability.new(current_token)
else
Ability.new(current_user)
end