diff options
| author | Rémy Coutable <remy@rymai.me> | 2016-12-16 17:38:41 +0000 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-12-16 17:38:41 +0000 |
| commit | ca6bf62ec14a37bf13f670ff7f62a4c12309fea5 (patch) | |
| tree | c70c694a1aa5541f904e6946c135d78d2c282601 /lib/api/users.rb | |
| parent | 3487551966ddad57111e34284245ed9074c024c5 (diff) | |
| parent | eb434b15ebbc7d0b7ed79bb2daa45601e3c918ca (diff) | |
| download | gitlab-ce-ca6bf62ec14a37bf13f670ff7f62a4c12309fea5.tar.gz | |
Merge branch '20492-access-token-scopes' into 'master'
Resolve "Add a doorkeeper scope suitable for authentication"
## What does this MR do?
- Add a single new scope (in addition to the `api` scope we've had) - `read_user`
- Allow creating OAuth applications and Personal access tokens with a scope selected
- Enforce scopes in the API
## What are the relevant issue numbers?
- Closes #20492
- EE counterpart for this MR: gitlab-org/gitlab-ee!946
See merge request !5951
Diffstat (limited to 'lib/api/users.rb')
| -rw-r--r-- | lib/api/users.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb index c7db2d71017..0842c3874c5 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -2,7 +2,10 @@ module API class Users < Grape::API include PaginationParams - before { authenticate! } + before do + allow_access_with_scope :read_user if request.get? + authenticate! + end resource :users, requirements: { uid: /[0-9]*/, id: /[0-9]*/ } do helpers do |