From bf4fbbeb06439ed488c4776e8b4ba429a906858e Mon Sep 17 00:00:00 2001
From: Connor Turland
Date: Sat, 12 Mar 2016 12:26:23 +1100
Subject: [PATCH] fix tokens
---
 app/controllers/api/restful_controller.rb | 2 +-
 app/controllers/api/tokens_controller.rb | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/app/controllers/api/restful_controller.rb b/app/controllers/api/restful_controller.rb
index d6c544e2..06396e3d 100644
--- a/app/controllers/api/restful_controller.rb
+++ b/app/controllers/api/restful_controller.rb
@@ -5,7 +5,7 @@ class API::RestfulController < ActionController::Base
 snorlax_used_rest!
 rescue_from(Pundit::NotAuthorizedError) { |e| respond_with_standard_error e, 403 }
- load_and_authorize_resource except: [:index, :create]
+ load_and_authorize_resource only: [:show, :update, :destroy]
 def create
 authorize resource_class
diff --git a/app/controllers/api/tokens_controller.rb b/app/controllers/api/tokens_controller.rb
index 481b41ba..3fcca370 100644
--- a/app/controllers/api/tokens_controller.rb
+++ b/app/controllers/api/tokens_controller.rb
@@ -1,13 +1,17 @@
 class Api::TokensController < API::RestfulController
- skip_authorization
-
 def my_tokens
 raise Pundit::NotAuthorizedError.new unless current_user
 instantiate_collection page_collection: false, timeframe_collection: false
 respond_with_collection
 end
+ private
+
+ def resource_serializer
+ "#{resource_name}_serializer".camelize.constantize
+ end
+
 def visible_records
 current_user.tokens
 end
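Review bot: Changing `load_and_authorize_resource` from `except: [:index, :create]` to `only: [:show, :update, :destroy]` in the base class turns authorization from opt-out into opt-in, so any custom action a subclass defines now runs without this load-and-authorize step unless it authorizes itself. That unblocks `my_tokens`, but it presumably also drops the check from custom actions in every other controller inheriting from `API::RestfulController`; those are outside this diff and worth auditing. A narrower fix keeps the `except:` form here and exempts only the token action in its own controller. If the allowlist stays, adding Pundit's `after_action :verify_authorized` would make an action that never authorizes fail closed. The class body continues outside the hunk.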
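Review bot: `resource_serializer` resolves a class through `"#{resource_name}_serializer".camelize.constantize`, and `resource_name` is defined outside this hunk, so the lookup is only safe while that value comes from the controller and never from request data. I would add a comment above the method stating that and why the inherited lookup is overridden, e.g. `# resource_name is derived from the controller, never from params; overrides the inherited serializer lookup because <reason>`. Separately, `my_tokens` now has neither `skip_authorization` nor an `authorize` call, so its only gate is the `current_user` check. A one-line comment there, `# authentication-only endpoint: visible_records scopes results to current_user.tokens`, would make that intent explicit for the next reader.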