X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/aaf56003427cfcbd89fda0847726fd0baa34050c..981e4a34b5d5ea1c1e3da1518697e2cf5e6ab0b3:/app/controllers/application_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b9cf449ea..0411f75c4 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -118,24 +118,6 @@ class ApplicationController < ActionController::Base
     require_capability(:allow_write_gpx)
   end
 
-  def require_allow_write_notes
-    require_capability(:allow_write_notes)
-  end
-
-  ##
-  # require that the user is a moderator, or fill out a helpful error message
-  # and return them to the index for the controller this is wrapped from.
-  def require_moderator
-    unless current_user.moderator?
-      if request.get?
-        flash[:error] = t("application.require_moderator.not_a_moderator")
-        redirect_to :action => "index"
-      else
-        head :forbidden
-      end
-    end
-  end
-
   ##
   # sets up the current_user for use by other methods. this is mostly called
   # from the authorize method, but can be called elsewhere if authorisation
@@ -193,11 +175,6 @@ class ApplicationController < ActionController::Base
   ##
   # to be used as a before_filter *after* authorize. this checks that
   # the user is a moderator and, if not, returns a forbidden error.
-  #
-  # NOTE: this isn't a very good way of doing it - it duplicates logic
-  # from require_moderator - but what we really need to do is a fairly
-  # drastic refactoring based on :format and respond_to? but not a
-  # good idea to do that in this branch.
   def authorize_moderator(errormessage = "Access restricted to moderators")
     # check user is a moderator
     unless current_user.moderator?
@@ -469,9 +446,9 @@ class ApplicationController < ActionController::Base
   end
 
   def current_ability
-    # Add in capabilities from the oauth token if it exists and is a valid access token
+    # Use capabilities from the oauth token if it exists and is a valid access token
     if Authenticator.new(self, [:token]).allow?
-      Ability.new(current_user).merge(Capability.new(current_token))
+      Capability.new(current_token)
     else
       Ability.new(current_user)
     end