
Fix api endpoints

Daniel Supernault hai 1 ano
pai
achega
e354750808

+ 7 - 14
app/Http/Controllers/Api/BaseApiController.php

@@ -56,8 +56,7 @@ class BaseApiController extends Controller
 
     public function notifications(Request $request)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('read'), 403);
+        abort_if(!$request->user(), 403);
 
 		$pid = $request->user()->profile_id;
 		$limit = $request->input('limit', 20);
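Review bot: Dropping `tokenCan('read')` here removes the only OAuth scope check visible for `notifications`, and the same replacement is made in every other hunk of this commit (BaseApiController, DomainBlockController, TagsController), including endpoints that previously required `write` or `follow`. With only `abort_if(!$request->user(), 403);` left, a token issued with `read` alone would pass the in-controller check on `avatarUpdate`, `archive`, `unarchive`, `store`, `delete`, `followHashtag` and `unfollowHashtag`, unless the route definitions (not shown) enforce scopes. If the goal is to let requests without a Passport token through, keep the scope check for requests that do carry one, e.g. `abort_if($request->user()->token() && !$request->user()->tokenCan('read'), 403);`, or move the requirement to Passport's scope middleware on the routes (commonly aliased as `scope:read`). The method body continues outside the hunk.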
@@ -99,8 +98,7 @@ class BaseApiController extends Controller
 
     public function avatarUpdate(Request $request)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('write'), 403);
+        abort_if(!$request->user(), 403);
 
         $this->validate($request, [
             'upload'   => 'required|mimetypes:image/jpeg,image/jpg,image/png|max:'.config('pixelfed.max_avatar_size'),
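Review bot: `avatarUpdate` changes state, and after this change any authenticated user object satisfies the guard, not only a request that carries an access token. If these routes can be reached with a browser session (the guard and middleware configuration are not visible here), the write endpoints touched by this commit would depend entirely on CSRF protection being applied to them. Confirm that before merging and record it next to the check, for example `// authentication and CSRF are enforced by route middleware`. The function continues past the end of the hunk.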
@@ -137,8 +135,7 @@ class BaseApiController extends Controller
 
     public function verifyCredentials(Request $request)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('read'), 403);
+        abort_if(!$request->user(), 403);
 
         $user = $request->user();
         if ($user->status != null) {
@@ -151,8 +148,7 @@ class BaseApiController extends Controller
 
     public function accountLikes(Request $request)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('read'), 403);
+        abort_if(!$request->user(), 403);
 
         $this->validate($request, [
         	'page' => 'sometimes|int|min:1|max:20',
@@ -180,8 +176,7 @@ class BaseApiController extends Controller
 
     public function archive(Request $request, $id)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('write'), 403);
+        abort_if(!$request->user(), 403);
 
         $status = Status::whereNull('in_reply_to_id')
             ->whereNull('reblog_of_id')
@@ -209,8 +204,7 @@ class BaseApiController extends Controller
 
     public function unarchive(Request $request, $id)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('write'), 403);
+        abort_if(!$request->user(), 403);
 
         $status = Status::whereNull('in_reply_to_id')
             ->whereNull('reblog_of_id')
@@ -237,8 +231,7 @@ class BaseApiController extends Controller
 
     public function archivedPosts(Request $request)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('read'), 403);
+        abort_if(!$request->user(), 403);
 
         $statuses = Status::whereProfileId($request->user()->profile_id)
             ->whereScope('archived')

+ 3 - 6
app/Http/Controllers/Api/V1/DomainBlockController.php

@@ -23,8 +23,7 @@ class DomainBlockController extends Controller
 
     public function index(Request $request)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('read'), 403);
+        abort_if(!$request->user(), 403);
 
         $this->validate($request, [
             'limit' => 'sometimes|integer|min:1|max:200'
@@ -54,8 +53,7 @@ class DomainBlockController extends Controller
 
     public function store(Request $request)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('write'), 403);
+        abort_if(!$request->user(), 403);
 
         $this->validate($request, [
             'domain' => 'required|active_url|min:1|max:120'
@@ -102,8 +100,7 @@ class DomainBlockController extends Controller
 
     public function delete(Request $request)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('write'), 403);
+        abort_if(!$request->user(), 403);
 
         $this->validate($request, [
             'domain' => 'required|min:1|max:120'

+ 4 - 8
app/Http/Controllers/Api/V1/TagsController.php

@@ -47,8 +47,7 @@ class TagsController extends Controller
     */
     public function followHashtag(Request $request, $id)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('follow'), 403);
+        abort_if(!$request->user(), 403);
 
         $pid = $request->user()->profile_id;
         $account = AccountService::get($pid);
@@ -90,8 +89,7 @@ class TagsController extends Controller
     */
     public function unfollowHashtag(Request $request, $id)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('follow'), 403);
+        abort_if(!$request->user(), 403);
 
         $pid = $request->user()->profile_id;
         $account = AccountService::get($pid);
@@ -136,8 +134,7 @@ class TagsController extends Controller
     */
     public function getHashtag(Request $request, $id)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('read'), 403);
+        abort_if(!$request->user(), 403);
 
         $pid = $request->user()->profile_id;
         $account = AccountService::get($pid);
@@ -177,8 +174,7 @@ class TagsController extends Controller
     */
     public function getFollowedTags(Request $request)
     {
-        abort_if(!$request->user() || !$request->user()->token(), 403);
-        abort_unless($request->user()->tokenCan('read'), 403);
+        abort_if(!$request->user(), 403);
 
         $account = AccountService::get($request->user()->profile_id);