Diffstat (limited to 'app/models/personal_access_token.rb')
-rw-r--r--app/models/personal_access_token.rb7
1 files changed, 4 insertions, 3 deletions
diff --git a/app/models/personal_access_token.rb b/app/models/personal_access_token.rb
index f3e38aba7c9..df8a0612b18 100644
--- a/app/models/personal_access_token.rb
+++ b/app/models/personal_access_token.rb
@@ -9,7 +9,8 @@ class PersonalAccessToken < ActiveRecord::Base
scope :active, -> { where(revoked: false).where("expires_at >= NOW() OR expires_at IS NULL") }
scope :inactive, -> { where("revoked = true OR expires_at < NOW()") }
- validate :validate_scopes
+ validates :scopes, presence: true
+ validate :validate_api_scopes
def self.generate(params)
personal_access_token = self.new(params)
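Review bot: The added `validates :scopes, presence: true` has a security-relevant reason that the code does not state: the allowlist check in `validate_api_scopes` uses `all?`, which is true for an empty list, so that check alone would accept a token with no scopes. A short comment above the line would keep it from being removed later as redundant, for example `# presence is required: the API-scope check passes vacuously on an empty list`. A model spec asserting that a token built with `scopes: []` is invalid would pin the behaviour. The class body continues outside this hunk.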
@@ -24,8 +25,8 @@ class PersonalAccessToken < ActiveRecord::Base
protected
- def validate_scopes
- unless Set.new(scopes.map(&:to_sym)).subset?(Set.new(Gitlab::Auth::API_SCOPES))
+ def validate_api_scopes
+ unless scopes.all? { |scope| Gitlab::Auth::API_SCOPES.include?(scope.to_sym) }
errors.add :scopes, "can only contain API scopes"
end
end
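Review bot: In `validate_api_scopes`, `scope.to_sym` is called on each submitted value before it is known to be a string, so a non-string element (a nil or a nested hash arriving through params) raises NoMethodError instead of adding a validation error. `scopes.all?` would fail the same way if `scopes` were nil, because the presence validator does not stop later validators from running; whether nil is possible depends on how the attribute is declared, which is outside the hunk. Comparing as strings avoids the exception and avoids symbolizing caller-supplied input: `unless Array(scopes).all? { |scope| Gitlab::Auth::API_SCOPES.map(&:to_s).include?(scope.to_s) }`. This assumes `API_SCOPES` holds symbols, as the existing `to_sym` comparison suggests.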