blob: 2c60938b75a8a9aaa1f184957fb4fff65bc03931 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
# frozen_string_literal: true
module API
class PersonalAccessTokens < ::API::Base
include ::API::PaginationParams
feature_category :authentication_and_authorization
desc 'Get all Personal Access Tokens' do
detail 'This feature was added in GitLab 13.3'
success Entities::PersonalAccessToken
end
params do
optional :user_id, type: Integer, desc: 'User ID'
use :pagination
end
before do
authenticate!
restrict_non_admins! unless current_user.admin?
end
helpers do
def finder_params(current_user)
current_user.admin? ? { user: user(params[:user_id]) } : { user: current_user }
end
def user(user_id)
UserFinder.new(user_id).find_by_id
end
def restrict_non_admins!
return if params[:user_id].blank?
unauthorized! unless Ability.allowed?(current_user, :read_user_personal_access_tokens, user(params[:user_id]))
end
def find_token(id)
PersonalAccessToken.find(id) || not_found!
end
end
resources :personal_access_tokens do
get do
tokens = PersonalAccessTokensFinder.new(finder_params(current_user), current_user).execute
present paginate(tokens), with: Entities::PersonalAccessToken
end
delete ':id' do
service = ::PersonalAccessTokens::RevokeService.new(
current_user,
token: find_token(params[:id])
).execute
service.success? ? no_content! : bad_request!(nil)
end
end
end
end
|