root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Implement review comments from @dbalexandre for !12300.

This commit is contained in:
Timothy Andrew 2017-06-23 11:18:44 +00:00
parent 1b8223dd51
commit 4dbfa14e16
3 changed files with 18 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/api/api_guard.rb
View File

@ -30,15 +30,13 @@ module API
# endpoint class. If this method is called multiple times on the same class, # endpoint class. If this method is called multiple times on the same class,
# the scopes are all aggregated. # the scopes are all aggregated.
def allow_access_with_scope(scopes, options = {}) def allow_access_with_scope(scopes, options = {})
@scopes ||= [] Array(scopes).each do |scope|
allowed_scopes << { name: scope, if: options[:if] }
params = Array.wrap(scopes).map { |scope| { name: scope, if: options[:if] } } end
@scopes.concat(params)
end end
def scopes def allowed_scopes
@scopes @scopes ||= []
end end
end end

4
lib/api/helpers.rb
View File

@ -416,8 +416,8 @@ module API
begin begin
endpoint_classes = [options[:for].presence, ::API::API].compact endpoint_classes = [options[:for].presence, ::API::API].compact
endpoint_classes.reduce([]) do |memo, endpoint| endpoint_classes.reduce([]) do |memo, endpoint|
if endpoint.respond_to?(:scopes) if endpoint.respond_to?(:allowed_scopes)
memo.concat(endpoint.scopes) memo.concat(endpoint.allowed_scopes)
else else
memo memo
end end

24
spec/services/access_token_validation_service_spec.rb
View File

@ -41,24 +41,22 @@ describe AccessTokenValidationService, services: true do
end end
context "conditions" do context "conditions" do
context "if" do it "ignores any scopes whose `if` condition returns false" do
it "ignores any scopes whose `if` condition returns false" do token = double("token", scopes: [:api, :read_user])
token = double("token", scopes: [:api, :read_user])
expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { false } }])).to be(false) expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { false } }])).to be(false)
end end
it "does not ignore scopes whose `if` condition is not set" do it "does not ignore scopes whose `if` condition is not set" do
token = double("token", scopes: [:api, :read_user]) token = double("token", scopes: [:api, :read_user])
expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { false } }, { name: :read_user }])).to be(true) expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { false } }, { name: :read_user }])).to be(true)
end end
it "does not ignore scopes whose `if` condition returns true" do it "does not ignore scopes whose `if` condition returns true" do
token = double("token", scopes: [:api, :read_user]) token = double("token", scopes: [:api, :read_user])
expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { true } }, { name: :read_user, if: ->(_) { false } }])).to be(true) expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { true } }, { name: :read_user, if: ->(_) { false } }])).to be(true)
end
end end
end end
end end