diff options
author | Timothy Andrew <mail@timothyandrew.net> | 2017-06-20 12:00:57 +0000 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2017-06-28 07:17:13 +0000 |
commit | d774825f981a73263c9a6c276c672b0c3e9bf104 (patch) | |
tree | 15b0fa907a1d6d1de478f999412542b4f409247a /lib/api/api_guard.rb | |
parent | 157c05f49da1d6992d6b491e4fba8d90a7d821c8 (diff) | |
download | gitlab-ce-d774825f981a73263c9a6c276c672b0c3e9bf104.tar.gz |
When verifying scopes, manually include scopes from `API::API`.
- They are not included automatically since `API::Users` does not inherit from
`API::API`, as I initially assumed.
- Scopes declared in `API::API` are considered global (to the API), and need to
be included in all cases.
Diffstat (limited to 'lib/api/api_guard.rb')
-rw-r--r-- | lib/api/api_guard.rb | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb index ceeecbbc00b..29ca760ec25 100644 --- a/lib/api/api_guard.rb +++ b/lib/api/api_guard.rb @@ -24,13 +24,11 @@ module API end class_methods do - # Set the authorization scope(s) allowed for the current request. + # Set the authorization scope(s) allowed for an API endpoint. # - # A call to this method adds to any previous scopes in place, either from the same class, or - # higher up in the inheritance chain. For example, if we call `allow_access_with_scope :api` from - # `API::API`, and `allow_access_with_scope :read_user` from `API::Users` (which inherits from `API::API`), - # `API::Users` will allow access with either the `api` or `read_user` scope. `API::API` will allow - # access only with the `api` scope. + # A call to this method maps the given scope(s) to the current API + # endpoint class. If this method is called multiple times on the same class, + # the scopes are all aggregated. def allow_access_with_scope(scopes, options = {}) @scopes ||= [] |