app/controllers/scrivito/webservice_controller.rb in scrivito_sdk-0.16.0 vs app/controllers/scrivito/webservice_controller.rb in scrivito_sdk-0.17.0

@@ -14,14 +14,26 @@
     unless allow_access?
       render text: 'Forbidden', status: 403
     end
   end
 
+  def editing_context
+    request.env[EditingContextMiddleware::ENVKEY] || EditingContext.new
+  end
+
+  def scrivito_user
+    editing_context.editor
+  end
+
   # If +true+, allow access to ObjsController, else deny access.
   # See {Scrivito::Configuration.editing_auth} for details.
   # @return [Bool]
   def allow_access?
-    Configuration.editing_auth_callback.call(request.env)
+    !!scrivito_user
+  end
+
+  def able_to?(ability)
+    scrivito_user && scrivito_user.able_to?(ability)
   end
 
   # Workaround for https://github.com/rails/rails/issues/8832
   def merge_correctly_parsed_json_params
     if request.format.json?