authorJames Edwards-Jones <jedwardsjones@gitlab.com>2018-06-27 15:19:24 +1000
committerJames Edwards-Jones <jedwardsjones@gitlab.com>2018-07-27 12:46:34 +0100
commita5991517fb142e15cc36f41a5a73beca6c3ece53 (patch)
treef75c85e75093c41bbaf760ca4d41ba266809800f
parent8a05ad3dc3b2ddeb54d8ce0449901b6b94cd99f5 (diff)
downloadgitlab-ce-jej/access-token-can-be-linked-to-projects.tar.gz
PersonalAccessToken can be restricted to project from controllerjej/access-token-can-be-linked-to-projects
-rw-r--r--app/controllers/profiles/personal_access_tokens_controller.rb2
-rw-r--r--spec/controllers/profiles/personal_access_tokens_controller_spec.rb17
-rw-r--r--spec/models/personal_access_token_spec.rb8
3 files changed, 26 insertions, 1 deletions
diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb
index 346eab4ba19..450f31cd851 100644
--- a/app/controllers/profiles/personal_access_tokens_controller.rb
+++ b/app/controllers/profiles/personal_access_tokens_controller.rb
@@ -35,7 +35,7 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
end
def personal_access_token_params
- params.require(:personal_access_token).permit(:name, :expires_at, scopes: [])
+ params.require(:personal_access_token).permit(:name, :expires_at, scopes: [], project_ids: [])
end
def set_index_vars
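Review bot: Permitting `project_ids: []` in `personal_access_token_params` lets the request carry any project ids, and nothing in this hunk or elsewhere in the commit narrows them to projects the current user can access. A token restricted to a foreign project grants nothing the user lacks, but if the model does not validate the ids it still lets a user attach arbitrary project rows to their own token and, depending on how validation errors surface, probe whether a given project id exists. Consider filtering in the `create` action (outside this hunk) before assignment, for example intersecting the permitted `project_ids` with the ids of the projects the user is authorized for and rejecting the request when any id is dropped. The controller spec added in this commit (`allows creation of tokens restricted by project`) creates its projects without making the user a member and expects them to be accepted, so as written it pins the unfiltered behaviour; an example passing an unrelated project id that must be rejected would cover the gap.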
diff --git a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb
index ed08a4c1bf2..8968bc38742 100644
--- a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb
+++ b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb
@@ -33,6 +33,23 @@ describe Profiles::PersonalAccessTokensController do
expect(created_token).not_to be_nil
expect(created_token.expires_at).to eq(expires_at)
end
+
+ it "tokens are not restricted by project by default" do
+ post :create, personal_access_token: token_attributes
+
+ expect(created_token).not_to be_restricted_by_resource
+ end
+
+ it "allows creation of tokens restricted by project" do
+ allowed_project = create(:project)
+ restricted_project = create(:project)
+
+ post :create, personal_access_token: token_attributes.merge(project_ids: [allowed_project.id])
+
+ expect(created_token).to be_restricted_by_resource
+ expect(created_token.allows_resource?(allowed_project)).to be_truthy
+ expect(created_token.allows_resource?(restricted_project)).to be_falsey
+ end
end
describe '#index' do
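Review bot: The local `restricted_project` in the second new example names the project the token is not linked to, which reads as the opposite of the `be_restricted_by_resource` expectation a few lines above; `other_project = create(:project)` would say what it is. The example also never checks which projects ended up on the token, only the two `allows_resource?` answers, so adding `expect(created_token.projects).to contain_exactly(allowed_project)` would pin the association itself rather than a derived predicate. The enclosing `describe` block for `#create` starts outside this hunk.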
diff --git a/spec/models/personal_access_token_spec.rb b/spec/models/personal_access_token_spec.rb
index 5fdf301117b..e7e45ab0c0f 100644
--- a/spec/models/personal_access_token_spec.rb
+++ b/spec/models/personal_access_token_spec.rb
@@ -26,6 +26,14 @@ describe PersonalAccessToken do
end
end
+ describe '.create' do
+ it 'can be restricted to projects' do
+ token = create(:personal_access_token, projects: create_list(:project, 2))
+
+ expect(token.projects.count).to eq 2
+ end
+ end
+
describe ".active?" do
let(:active_personal_access_token) { build(:personal_access_token) }
let(:revoked_personal_access_token) { build(:personal_access_token, :revoked) }