diff options
author | Timothy Andrew <mail@timothyandrew.net> | 2017-06-20 07:40:24 +0000 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2017-06-28 07:17:13 +0000 |
commit | 6f1922500bc9e2c6d53c46dfcbd420687dfe6e6b (patch) | |
tree | b9de79a82757d00156ddf2f86453ae5b2ee7944d /lib/api/helpers.rb | |
parent | 08ad0af49c017d740b43588c0809b3811d25a448 (diff) | |
download | gitlab-ce-6f1922500bc9e2c6d53c46dfcbd420687dfe6e6b.tar.gz |
Initial attempt at refactoring API scope declarations.
- Declaring an endpoint's scopes in a `before` block has proved to be
unreliable. For example, if we're accessing the `API::Users` endpoint - code
in a `before` block in `API::API` wouldn't be able to see the scopes set in
`API::Users` since the `API::API` `before` block runs first.
- This commit moves these declarations to the class level, since they don't need
to change once set.
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r-- | lib/api/helpers.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 2c73a6fdc4e..3cf04e6df3c 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -340,10 +340,12 @@ module API end def initial_current_user + endpoint_class = options[:for] + return @initial_current_user if defined?(@initial_current_user) Gitlab::Auth::UniqueIpsLimiter.limit_user! do - @initial_current_user ||= find_user_by_private_token(scopes: @scopes) - @initial_current_user ||= doorkeeper_guard(scopes: @scopes) + @initial_current_user ||= find_user_by_private_token(scopes: endpoint_class.scopes) + @initial_current_user ||= doorkeeper_guard(scopes: endpoint_class.scopes) @initial_current_user ||= find_user_from_warden unless @initial_current_user && Gitlab::UserAccess.new(@initial_current_user).allowed? |