diff options
author | Timothy Andrew <mail@timothyandrew.net> | 2017-06-20 11:27:45 +0300 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2017-06-28 10:17:13 +0300 |
commit | 80c1ebaa83f346e45346baac584f21878652c350 (patch) | |
tree | 9a4aa49a6ad51aee496696b4284979da4ff670eb /lib/api/helpers.rb | |
parent | 6f1922500bc9e2c6d53c46dfcbd420687dfe6e6b (diff) |
Allow API scope declarations to be applied conditionally.
- Scope declarations of the form:
allow_access_with_scope :read_user, if: -> (request) { request.get? }
will only apply for `GET` requests
- Add a negative test to a `POST` endpoint in the `users` API to test this. Also
test for this case in the `AccessTokenValidationService` unit tests.
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r-- | lib/api/helpers.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 3cf04e6df3c..c69e7afea8c 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -340,7 +340,7 @@ module API end def initial_current_user - endpoint_class = options[:for] + endpoint_class = options[:for].presence || ::API::API return @initial_current_user if defined?(@initial_current_user) Gitlab::Auth::UniqueIpsLimiter.limit_user! do |