X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/bb5bad9115a014730575083a2bbc1be13e3bb49a..304e0ef63843ddcb55aab62312ff18be8a5b4703:/app/abilities/api_ability.rb

diff --git a/app/abilities/api_ability.rb b/app/abilities/api_ability.rb
index e774f6820..3bc82eab2 100644
--- a/app/abilities/api_ability.rb
+++ b/app/abilities/api_ability.rb
@@ -3,14 +3,12 @@
 class ApiAbility
   include CanCan::Ability
 
-  def initialize(token)
+  def initialize(user, token)
     can :read, [:version, :capability, :permission, :map]
 
     if Settings.status != "database_offline"
-      user = User.find(token.resource_owner_id) if token
-
       can [:read, :feed, :search], Note
-      can :create, Note unless token
+      can :create, Note unless user
 
       can [:read, :download], Changeset
       can :read, Tracepoint