diff options
| author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-12-19 14:15:58 +0100 |
|---|---|---|
| committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2019-01-15 10:23:42 +0100 |
| commit | 4d7f93519ca82cca0ed3a4ed2165b41fe254368f (patch) | |
| tree | 6e254fbe16bfe5ce8ffdf7278530e3071a8c7b30 /lib | |
| parent | 7a10ef6e751e643b482a171a305c4ce485b1b039 (diff) | |
| download | gitlab-ce-4d7f93519ca82cca0ed3a4ed2165b41fe254368f.tar.gz | |
Do not expose trigger token when user should not see it
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/entities.rb | 5 | ||||
| -rw-r--r-- | lib/api/helpers/presentable.rb | 29 | ||||
| -rw-r--r-- | lib/api/triggers.rb | 4 |
3 files changed, 35 insertions, 3 deletions
diff --git a/lib/api/entities.rb b/lib/api/entities.rb index a2a3c0a16d7..829d6fb13d4 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -1216,8 +1216,11 @@ module API end class Trigger < Grape::Entity + include ::API::Helpers::Presentable + expose :id - expose :token, :description + expose :token + expose :description expose :created_at, :updated_at, :last_used expose :owner, using: Entities::UserBasic end diff --git a/lib/api/helpers/presentable.rb b/lib/api/helpers/presentable.rb new file mode 100644 index 00000000000..973c2132efe --- /dev/null +++ b/lib/api/helpers/presentable.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +module API + module Helpers + ## + # This module makes it possible to use `app/presenters` with + # Grape Entities. It instantiates model presenter and passes + # options defined in the API endpoint to the presenter itself. + # + # present object, with: Entities::Something, + # current_user: current_user, + # another_option: 'my options' + # + # Example above will make `current_user` and `another_option` + # values available in the subclass of `Gitlab::View::Presenter` + # thorough a separate method in the presenter. + # + # The model class needs to have `::Presentable` module mixed in + # if you want to use `API::Helpers::Presentable`. + # + module Presentable + extend ActiveSupport::Concern + + def initialize(object, options = {}) + super(object.present(options), options) + end + end + end +end diff --git a/lib/api/triggers.rb b/lib/api/triggers.rb index 3ce1529f259..7b8691171f0 100644 --- a/lib/api/triggers.rb +++ b/lib/api/triggers.rb @@ -51,7 +51,7 @@ module API triggers = user_project.triggers.includes(:trigger_requests) - present paginate(triggers), with: Entities::Trigger + present paginate(triggers), with: Entities::Trigger, current_user: current_user end # rubocop: enable CodeReuse/ActiveRecord @@ -68,7 +68,7 @@ module API trigger = user_project.triggers.find(params.delete(:trigger_id)) break not_found!('Trigger') unless trigger - present trigger, with: Entities::Trigger + present trigger, with: Entities::Trigger, current_user: current_user end desc 'Create a trigger' do |