use a nil subject when we want to check global abilities

2bdcef4d · http://jneen.net/ · 2b26270a · 2bdcef4d · 2bdcef4d
Commit 2bdcef4d authored 8 years ago by http://jneen.net/
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -30,7 +30,7 @@ module API
      # Example Request:
      #   POST /groups
      post do
-        authorize! :create_group, current_user
+        authorize! :create_group
        required_attributes! [:name, :path]
  
        attrs = attributes_for_keys [:name, :path, :description, :visibility_level]

--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -129,7 +129,7 @@ module API
      forbidden! unless current_user.is_admin?
    end
  
-    def authorize!(action, subject)
+    def authorize!(action, subject = nil)
      forbidden! unless can?(current_user, action, subject)
    end