diff options
| author | James Edwards-Jones <jedwardsjones@gitlab.com> | 2018-06-27 15:19:24 +1000 |
|---|---|---|
| committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2018-07-27 12:46:34 +0100 |
| commit | a5991517fb142e15cc36f41a5a73beca6c3ece53 (patch) | |
| tree | f75c85e75093c41bbaf760ca4d41ba266809800f | |
| parent | 8a05ad3dc3b2ddeb54d8ce0449901b6b94cd99f5 (diff) | |
| download | gitlab-ce-jej/access-token-can-be-linked-to-projects.tar.gz | |
PersonalAccessToken can be restricted to project from controllerjej/access-token-can-be-linked-to-projects
3 files changed, 26 insertions, 1 deletions
diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb index 346eab4ba19..450f31cd851 100644 --- a/app/controllers/profiles/personal_access_tokens_controller.rb +++ b/app/controllers/profiles/personal_access_tokens_controller.rb @@ -35,7 +35,7 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController end def personal_access_token_params - params.require(:personal_access_token).permit(:name, :expires_at, scopes: []) + params.require(:personal_access_token).permit(:name, :expires_at, scopes: [], project_ids: []) end def set_index_vars diff --git a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb index ed08a4c1bf2..8968bc38742 100644 --- a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb +++ b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb @@ -33,6 +33,23 @@ describe Profiles::PersonalAccessTokensController do expect(created_token).not_to be_nil expect(created_token.expires_at).to eq(expires_at) end + + it "tokens are not restricted by project by default" do + post :create, personal_access_token: token_attributes + + expect(created_token).not_to be_restricted_by_resource + end + + it "allows creation of tokens restricted by project" do + allowed_project = create(:project) + restricted_project = create(:project) + + post :create, personal_access_token: token_attributes.merge(project_ids: [allowed_project.id]) + + expect(created_token).to be_restricted_by_resource + expect(created_token.allows_resource?(allowed_project)).to be_truthy + expect(created_token.allows_resource?(restricted_project)).to be_falsey + end end describe '#index' do diff --git a/spec/models/personal_access_token_spec.rb b/spec/models/personal_access_token_spec.rb index 5fdf301117b..e7e45ab0c0f 100644 --- a/spec/models/personal_access_token_spec.rb +++ b/spec/models/personal_access_token_spec.rb @@ -26,6 +26,14 @@ describe PersonalAccessToken do end end + describe '.create' do + it 'can be restricted to projects' do + token = create(:personal_access_token, projects: create_list(:project, 2)) + + expect(token.projects.count).to eq 2 + end + end + describe ".active?" do let(:active_personal_access_token) { build(:personal_access_token) } let(:revoked_personal_access_token) { build(:personal_access_token, :revoked) } |