author | Simon Vocella <voxsim@gmail.com> | 2016-12-27 17:26:57 +0100 |
---|---|---|
committer | Tiago Botelho <tiagonbotelho@hotmail.com> | 2017-02-28 22:15:39 +0000 |
commit | 81246e5649a8fb9e73369cbd117505a546d7e807 (patch) | |
tree | fa51d0a0d504f25bf1151db6f115e3c8a4ec8ad4 /lib/api/users.rb | |
parent | 4c4810b35b3b1729865640382b4c7e593f8b876d (diff) | |
manage personal_access_tokens through api
Diffstat (limited to 'lib/api/users.rb')
-rw-r--r-- | lib/api/users.rb | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 7bb4b76f830..450d678061e 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -362,6 +362,70 @@ module API
 present paginate(events), with: Entities::Event
 end
+
+ desc 'Retrieve personal access tokens. Available only for admins.'
+ params do
+ requires :user_id, type: Integer
+ optional :state, type: String, default: 'all', values: %w[all active inactive], desc: 'Filters (all|active|inactive) personal_access_tokens'
+ end
+ get ':user_id/personal_access_tokens' do
+ authenticated_as_admin!
+
+ user = User.find_by(id: params[:user_id])
+ not_found!('User') unless user
+
+ personal_access_tokens = user.personal_access_tokens
+
+ case params[:state]
+ when "active"
+ personal_access_tokens = personal_access_tokens.active
+ when "inactive"
+ personal_access_tokens = personal_access_tokens.inactive
+ end
+
+ present personal_access_tokens, with: Entities::PersonalAccessToken
+ end
+
+ desc 'Create a personal access token. Available only for admins.'
+ params do
+ requires :user_id, type: Integer, desc: 'The ID of the user'
+ requires :name, type: String, desc: 'The name of the personal access token'
+ optional :expires_at, type: Date, desc: 'The expiration date in the format YEAR-MONTH-DAY of the personal access token'
+ optional :scopes, type: Array, desc: 'The array of scopes of the personal access token'
+ end
+ post ':user_id/personal_access_tokens' do
+ authenticated_as_admin!
+
+ user = User.find_by(id: params[:user_id])
+ not_found!('User') unless user
+
+ personal_access_token = PersonalAccessToken.generate(declared_params(include_missing: false))
+
+ if personal_access_token.save
+ present personal_access_token, with: Entities::PersonalAccessToken
+ else
+ render_validation_error!(personal_access_token)
+ end
+ end
+
+ desc 'Revoke a personal access token. Available only for admins.'
+ params do
+ requires :user_id, type: Integer, desc: 'The ID of the user'
+ requires :personal_access_token_id, type: Integer, desc: 'The ID of the personal access token'
+ end
+ delete ':user_id/personal_access_tokens/:personal_access_token_id' do
+ authenticated_as_admin!
+
+ user = User.find_by(id: params[:user_id])
+ not_found!('User') unless user
+
+ personal_access_token = PersonalAccessToken.find_by(id: params[:personal_access_token_id])
+ not_found!('PersonalAccessToken') unless personal_access_token
+
+ personal_access_token.revoke!
+
+ present personal_access_token, with: Entities::PersonalAccessToken
+ end
 end
 resource :user do |
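Review bot: In the `delete ':user_id/personal_access_tokens/:personal_access_token_id'` route the token is loaded with `PersonalAccessToken.find_by(id: params[:personal_access_token_id])`, so `:user_id` is only checked for existence and a request addressed to one user's path can revoke a token that belongs to a different user. Scoping the lookup to the record already loaded, `personal_access_token = user.personal_access_tokens.find_by(id: params[:personal_access_token_id])`, makes the path and the affected object agree and turns a mismatch into a 404. The `post` route has the same shape: `user` is fetched but then unused, and ownership of the new token rests on `user_id` passing through `declared_params`; creating the token through the `user.personal_access_tokens` association would tie it to the looked-up record. `Entities::PersonalAccessToken` is defined outside this file, so it is worth confirming that the list and revoke responses do not expose the token value and that only the create response does. The enclosing `resource` block starts outside the hunk.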