diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-02 12:07:57 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-02 12:07:57 +0000 |
| commit | 988b28ec1a379d38f6ac9ed04886ee564fd447fd (patch) | |
| tree | 9d93267209387e62d23ea7abf81ef9c0d64f2f0b /lib/api/api_guard.rb | |
| parent | a325f3a104748ecc68df7c3d793940aa709a111f (diff) | |
| download | gitlab-ce-988b28ec1a379d38f6ac9ed04886ee564fd447fd.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/api/api_guard.rb')
| -rw-r--r-- | lib/api/api_guard.rb | 28 |
1 files changed, 9 insertions, 19 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb index 0769e464d26..5cab13f001e 100644 --- a/lib/api/api_guard.rb +++ b/lib/api/api_guard.rb @@ -50,17 +50,13 @@ module API user = find_user_from_sources return unless user + # Sessions are enforced to be unavailable for API calls, so ignore them for admin mode + Gitlab::Auth::CurrentUserMode.bypass_session!(user.id) if Feature.enabled?(:user_mode_in_session) + unless api_access_allowed?(user) forbidden!(api_access_denied_message(user)) end - # Set admin mode for API requests (if admin) - if Feature.enabled?(:user_mode_in_session) - current_user_mode = Gitlab::Auth::CurrentUserMode.new(user) - - current_user_mode.enable_sessionless_admin_mode! - end - user end @@ -154,19 +150,13 @@ module API end class AdminModeMiddleware < ::Grape::Middleware::Base - def initialize(app, **options) - super - end + def after + # Use a Grape middleware since the Grape `after` blocks might run + # before we are finished rendering the `Grape::Entity` classes + Gitlab::Auth::CurrentUserMode.reset_bypass_session! if Feature.enabled?(:user_mode_in_session) - def call(env) - if Feature.enabled?(:user_mode_in_session) - session = {} - Gitlab::Session.with_session(session) do - app.call(env) - end - else - app.call(env) - end + # Explicit nil is needed or the api call return value will be overwritten + nil end end end |