authorJames Edwards-Jones <jedwardsjones@gitlab.com>2018-06-27 15:19:24 +1000
committerPaul Slaughter <pslaughter@gitlab.com>2018-10-09 12:55:00 -0500
commit84b63007313a35e4f1ef9c7efadb487f1d2cb4b4 (patch)
treef732231d831fc5ef2c4378ce585b920ce912ec80
parent020e044485707ccce15ec95e5f0f51e3664ce94f (diff)
downloadgitlab-ce-feature/restricted_personal_access_tokens.tar.gz
PersonalAccessToken can be restricted to project from controllerfeature/restricted_personal_access_tokens
-rw-r--r--app/controllers/profiles/personal_access_tokens_controller.rb2
-rw-r--r--spec/controllers/profiles/personal_access_tokens_controller_spec.rb17
-rw-r--r--spec/models/personal_access_token_spec.rb8
3 files changed, 26 insertions, 1 deletions
diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb
index 4b6ec2697b7..f5d9f7d85ca 100644
--- a/app/controllers/profiles/personal_access_tokens_controller.rb
+++ b/app/controllers/profiles/personal_access_tokens_controller.rb
@@ -37,7 +37,7 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
end
def personal_access_token_params
- params.require(:personal_access_token).permit(:name, :expires_at, scopes: [])
+ params.require(:personal_access_token).permit(:name, :expires_at, scopes: [], project_ids: [])
end
# rubocop: disable CodeReuse/ActiveRecord
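Review bot: `project_ids: []` on the new line of personal_access_token_params is accepted straight from the request, and nothing in this diff checks that current_user is authorized on each id before the token is associated with those projects, so a crafted request could bind a token to projects the user cannot otherwise reach. Whatever consumes these params (the create action, outside this hunk) should resolve the ids through the user's own accessible projects — in this codebase presumably `current_user.authorized_projects`, but confirm against the model — and either drop or reject ids outside that set. The controller spec added in spec/controllers/profiles/personal_access_tokens_controller_spec.rb builds both projects with a bare `create(:project)` and never asserts the negative case, so it would not catch this.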
diff --git a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb
index ed08a4c1bf2..8968bc38742 100644
--- a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb
+++ b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb
@@ -33,6 +33,23 @@ describe Profiles::PersonalAccessTokensController do
expect(created_token).not_to be_nil
expect(created_token.expires_at).to eq(expires_at)
end
+
+ it "tokens are not restricted by project by default" do
+ post :create, personal_access_token: token_attributes
+
+ expect(created_token).not_to be_restricted_by_resource
+ end
+
+ it "allows creation of tokens restricted by project" do
+ allowed_project = create(:project)
+ restricted_project = create(:project)
+
+ post :create, personal_access_token: token_attributes.merge(project_ids: [allowed_project.id])
+
+ expect(created_token).to be_restricted_by_resource
+ expect(created_token.allows_resource?(allowed_project)).to be_truthy
+ expect(created_token.allows_resource?(restricted_project)).to be_falsey
+ end
end
describe '#index' do
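Review bot: The new example "allows creation of tokens restricted by project" only exercises the positive path; neither `allowed_project` nor `restricted_project` is tied to the signed-in user, so the spec does not express the authorization boundary the feature needs. An additional example that posts `project_ids: [restricted_project.id]` for a project the user has no access to, and expects the created token not to reference it (or the request to be rejected), would pin that behaviour, and `allowed_project` should be one the user is a member of so the positive case is realistic. If `allows_resource?` returns a strict boolean, `be(true)`/`be(false)` would be tighter than `be_truthy`/`be_falsey`, but its implementation is outside this diff.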
diff --git a/spec/models/personal_access_token_spec.rb b/spec/models/personal_access_token_spec.rb
index 5fdf301117b..e7e45ab0c0f 100644
--- a/spec/models/personal_access_token_spec.rb
+++ b/spec/models/personal_access_token_spec.rb
@@ -26,6 +26,14 @@ describe PersonalAccessToken do
end
end
+ describe '.create' do
+ it 'can be restricted to projects' do
+ token = create(:personal_access_token, projects: create_list(:project, 2))
+
+ expect(token.projects.count).to eq 2
+ end
+ end
+
describe ".active?" do
let(:active_personal_access_token) { build(:personal_access_token) }
let(:revoked_personal_access_token) { build(:personal_access_token, :revoked) }