diff options
| author | Timothy Andrew <mail@timothyandrew.net> | 2017-06-20 07:40:24 +0000 |
|---|---|---|
| committer | Timothy Andrew <mail@timothyandrew.net> | 2017-06-28 07:17:13 +0000 |
| commit | 6f1922500bc9e2c6d53c46dfcbd420687dfe6e6b (patch) | |
| tree | b9de79a82757d00156ddf2f86453ae5b2ee7944d /app/services/access_token_validation_service.rb | |
| parent | 08ad0af49c017d740b43588c0809b3811d25a448 (diff) | |
| download | gitlab-ce-6f1922500bc9e2c6d53c46dfcbd420687dfe6e6b.tar.gz | |
Initial attempt at refactoring API scope declarations.
- Declaring an endpoint's scopes in a `before` block has proved to be
unreliable. For example, if we're accessing the `API::Users` endpoint - code
in a `before` block in `API::API` wouldn't be able to see the scopes set in
`API::Users` since the `API::API` `before` block runs first.
- This commit moves these declarations to the class level, since they don't need
to change once set.
Diffstat (limited to 'app/services/access_token_validation_service.rb')
| -rw-r--r-- | app/services/access_token_validation_service.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/app/services/access_token_validation_service.rb b/app/services/access_token_validation_service.rb index b2a543daa00..f171f8194bd 100644 --- a/app/services/access_token_validation_service.rb +++ b/app/services/access_token_validation_service.rb @@ -31,8 +31,11 @@ class AccessTokenValidationService if scopes.blank? true else + #scopes = scopes.reject { |scope| scope[:if].presence && !scope[:if].call(request) } # Check whether the token is allowed access to any of the required scopes. - Set.new(scopes).intersection(Set.new(token.scopes)).present? + + scope_names = scopes.map { |scope| scope[:name].to_s } + Set.new(scope_names).intersection(Set.new(token.scopes)).present? end end end |