From: Tom Hughes <tom@compton.nu>
Date: Thu, 5 Sep 2024 21:21:03 +0000 (+0100)
Subject: Merge remote-tracking branch 'upstream/pull/5159'
X-Git-Tag: live~720
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/4c65c3dbfda51a2d5f08198efdd4783796767d8e?hp=5bdb8a43e12551db3799b6a0847d47c5b42c17f8

Merge remote-tracking branch 'upstream/pull/5159'
---

diff --git a/app/abilities/api_capability.rb b/app/abilities/api_capability.rb
index 44e676345..07345d254 100644
--- a/app/abilities/api_capability.rb
+++ b/app/abilities/api_capability.rb
@@ -5,11 +5,7 @@ class ApiCapability
 
   def initialize(token)
     if Settings.status != "database_offline"
-      user = if token.respond_to?(:resource_owner_id)
-               User.find(token.resource_owner_id)
-             elsif token.respond_to?(:user)
-               token.user
-             end
+      user = User.find(token.resource_owner_id)
 
       if user&.active?
         can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes)
diff --git a/test/abilities/api_capability_test.rb b/test/abilities/api_capability_test.rb
index bcfcaf74e..5e8396c67 100644
--- a/test/abilities/api_capability_test.rb
+++ b/test/abilities/api_capability_test.rb
@@ -88,12 +88,6 @@ end
 
 class UserApiCapabilityTest < ActiveSupport::TestCase
   test "user preferences" do
-    # a user with no tokens
-    capability = ApiCapability.new nil
-    [:index, :show, :update_all, :update, :destroy].each do |act|
-      assert capability.cannot? act, UserPreference
-    end
-
     # A user with empty tokens
     token = create(:oauth_access_token)
     capability = ApiCapability.new token