Calls to the API are checked for scope.

- Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well. - Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests). - Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
author: Timothy Andrew <mail@timothyandrew.net> 2016-11-22 14:34:23 +0530
committer: Timothy Andrew <mail@timothyandrew.net> 2016-12-16 16:29:31 +0530
commit: 7fa06ed55d18af4d055041eb27d38fecf9b5548f (patch)
tree: d2565cdc70269e5f244e7cf542170b0d5d8cf7aa /config/locales
parent: 6c809dfae84e702f7a49d3fac5725745264e0ff9 (diff)
download: gitlab-ce-7fa06ed55d18af4d055041eb27d38fecf9b5548f.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index a4032a21420..1d728282d90 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -59,6 +59,7 @@ en:
           unknown: "The access token is invalid"
     scopes:
       api: Access your API
+      read_user: Read user information
 
     flash:
       applications:
author	Timothy Andrew <mail@timothyandrew.net>	2016-11-22 14:34:23 +0530
committer	Timothy Andrew <mail@timothyandrew.net>	2016-12-16 16:29:31 +0530
commit	7fa06ed55d18af4d055041eb27d38fecf9b5548f (patch)
tree	d2565cdc70269e5f244e7cf542170b0d5d8cf7aa /config/locales
parent	6c809dfae84e702f7a49d3fac5725745264e0ff9 (diff)
download	gitlab-ce-7fa06ed55d18af4d055041eb27d38fecf9b5548f.tar.gz