diff options
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/helpers.rb | 4 | ||||
| -rw-r--r-- | lib/api/users.rb | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index a9b364da9e1..e5f5de2af57 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -116,7 +116,7 @@ module API forbidden! unless current_user.is_admin? end - def authorize!(action, subject = nil) + def authorize!(action, subject = :global) forbidden! unless can?(current_user, action, subject) end @@ -134,7 +134,7 @@ module API end end - def can?(object, action, subject) + def can?(object, action, subject = :global) Ability.allowed?(object, action, subject) end diff --git a/lib/api/users.rb b/lib/api/users.rb index 549003f576a..2d4d5a25221 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -45,7 +45,7 @@ module API use :pagination end get do - unless can?(current_user, :read_users_list, nil) + unless can?(current_user, :read_users_list) render_api_error!("Not authorized.", 403) end |