Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2019-09-26 12:06:00 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2019-09-26 12:06:00 +0000
commit: 5707f305f4b961e24369fcdaecf0b8ce1c34bad8 (patch)
tree: 3b291653b83b3e6c2bffc77c54527fbe6f6373be /lib/api/api_guard.rb
parent: 759cd6c2985088d187ed519f2a881c2c690b34ec (diff)
download: gitlab-ce-5707f305f4b961e24369fcdaecf0b8ce1c34bad8.tar.gz
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index a3fa7cd5cf9..02ea321df67 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -17,6 +17,8 @@ module API
         request.access_token
       end
 
+      use AdminModeMiddleware
+
       helpers HelperMethods
 
       install_error_responders(base)
@@ -52,6 +54,11 @@ module API
           forbidden!(api_access_denied_message(user))
         end
 
+        # Set admin mode for API requests (if admin)
+        if Feature.enabled?(:user_mode_in_session)
+          Gitlab::Auth::CurrentUserMode.new(user).enable_admin_mode!(skip_password_validation: true)
+        end
+
         user
       end
 
@@ -141,5 +148,22 @@ module API
         end
       end
     end
+
+    class AdminModeMiddleware < ::Grape::Middleware::Base
+      def initialize(app, **options)
+        super
+      end
+
+      def call(env)
+        if Feature.enabled?(:user_mode_in_session)
+          session = {}
+          Gitlab::Session.with_session(session) do
+            app.call(env)
+          end
+        else
+          app.call(env)
+        end
+      end
+    end
   end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2019-09-26 12:06:00 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2019-09-26 12:06:00 +0000
commit	5707f305f4b961e24369fcdaecf0b8ce1c34bad8 (patch)
tree	3b291653b83b3e6c2bffc77c54527fbe6f6373be /lib/api/api_guard.rb
parent	759cd6c2985088d187ed519f2a881c2c690b34ec (diff)
download	gitlab-ce-5707f305f4b961e24369fcdaecf0b8ce1c34bad8.tar.gz