diff options
| author | Horatiu Eugen Vlad <horatiu@vlad.eu> | 2019-04-15 13:05:55 +0000 |
|---|---|---|
| committer | James Lopez <james@gitlab.com> | 2019-04-15 13:05:55 +0000 |
| commit | 0aa56d895dba21d3a01b78d35c445107e224ed0c (patch) | |
| tree | f97e1d6d289af84b5838db149a9208ae0f70b267 /app/controllers | |
| parent | 922fae29ca100e7f7f30fcb62541305994430779 (diff) | |
| download | gitlab-ce-0aa56d895dba21d3a01b78d35c445107e224ed0c.tar.gz | |
Added write_repository scope for personal access token
Diffstat (limited to 'app/controllers')
4 files changed, 4 insertions, 4 deletions
diff --git a/app/controllers/admin/impersonation_tokens_controller.rb b/app/controllers/admin/impersonation_tokens_controller.rb index cfe29d734b7..c35619a944e 100644 --- a/app/controllers/admin/impersonation_tokens_controller.rb +++ b/app/controllers/admin/impersonation_tokens_controller.rb @@ -49,7 +49,7 @@ class Admin::ImpersonationTokensController < Admin::ApplicationController # rubocop: disable CodeReuse/ActiveRecord def set_index_vars - @scopes = Gitlab::Auth.available_scopes(current_user) + @scopes = Gitlab::Auth.available_scopes_for(current_user) @impersonation_token ||= finder.build @inactive_impersonation_tokens = finder(state: 'inactive').execute diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index f9008a5b67e..49d21456f8e 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -22,7 +22,7 @@ class JwtController < ApplicationController private def authenticate_project_or_user - @authentication_result = Gitlab::Auth::Result.new(nil, nil, :none, Gitlab::Auth.read_authentication_abilities) + @authentication_result = Gitlab::Auth::Result.new(nil, nil, :none, Gitlab::Auth.read_only_authentication_abilities) authenticate_with_http_basic do |login, password| @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip) diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb index 213d900a563..f1c07cd9a1d 100644 --- a/app/controllers/profiles/personal_access_tokens_controller.rb +++ b/app/controllers/profiles/personal_access_tokens_controller.rb @@ -42,7 +42,7 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController # rubocop: disable CodeReuse/ActiveRecord def set_index_vars - @scopes = Gitlab::Auth.available_scopes(current_user) + @scopes = Gitlab::Auth.available_scopes_for(current_user) @inactive_personal_access_tokens = finder(state: 'inactive').execute @active_personal_access_tokens = finder(state: 'active').execute.order(:expires_at) diff --git a/app/controllers/projects/git_http_client_controller.rb b/app/controllers/projects/git_http_client_controller.rb index 85628dd32d8..7a80da53025 100644 --- a/app/controllers/projects/git_http_client_controller.rb +++ b/app/controllers/projects/git_http_client_controller.rb @@ -83,7 +83,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController def render_missing_personal_access_token render plain: "HTTP Basic: Access denied\n" \ - "You must use a personal access token with 'api' scope for Git over HTTP.\n" \ + "You must use a personal access token with 'read_repository' or 'write_repository' scope for Git over HTTP.\n" \ "You can generate one at #{profile_personal_access_tokens_url}", status: :unauthorized end |