diff options
| author | Sean McGivern <sean@gitlab.com> | 2017-03-07 19:16:08 +0300 |
|---|---|---|
| committer | Sean McGivern <sean@gitlab.com> | 2017-03-07 19:16:08 +0300 |
| commit | de37dcee90ac44ba794ad504e91f18b8fb4b13a3 (patch) | |
| tree | 8be4fd7cbbe1f1a06dfdfa1da12616989e28d783 /app/models/personal_access_token.rb | |
| parent | 6a52cda31da4becc3e342530a2bdf0868d8921cc (diff) | |
| parent | b2ca28d24bfbb0a574fccdf1ea05d549ccd6bf66 (diff) | |
Merge branch 'siemens/gitlab-ce-feature/openid-connect'
Diffstat (limited to 'app/models/personal_access_token.rb')
| -rw-r--r-- | app/models/personal_access_token.rb | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/app/models/personal_access_token.rb b/app/models/personal_access_token.rb index 22809fe1487..e8b000ddad6 100644 --- a/app/models/personal_access_token.rb +++ b/app/models/personal_access_token.rb @@ -14,6 +14,9 @@ class PersonalAccessToken < ActiveRecord::Base scope :with_impersonation, -> { where(impersonation: true) } scope :without_impersonation, -> { where(impersonation: false) } + validates :scopes, presence: true + validate :validate_api_scopes + def revoke! self.revoked = true self.save @@ -22,4 +25,12 @@ class PersonalAccessToken < ActiveRecord::Base def active? !revoked? && !expired? end + + protected + + def validate_api_scopes + unless scopes.all? { |scope| Gitlab::Auth::API_SCOPES.include?(scope.to_sym) } + errors.add :scopes, "can only contain API scopes" + end + end end |