diff options
author | Timothy Andrew <mail@timothyandrew.net> | 2017-06-28 10:12:23 +0300 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2017-06-29 09:15:57 +0300 |
commit | b8ec1f4201c74c500e4f7010b238c7920599da7a (patch) | |
tree | f13e0aab941b8ff209716315a4d21626db878373 /lib/api/scope.rb | |
parent | c1fcd730cc9dbee5b41ce2a6a12f8d84416b1a4a (diff) |
Extract a `Gitlab::Scope` class.
- To represent an authorization scope, such as `api` or `read_user`
- This is a better abstraction than the hash we were previously using.
Diffstat (limited to 'lib/api/scope.rb')
-rw-r--r-- | lib/api/scope.rb | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/lib/api/scope.rb b/lib/api/scope.rb new file mode 100644 index 00000000000..c23846d1e7d --- /dev/null +++ b/lib/api/scope.rb @@ -0,0 +1,23 @@ +# Encapsulate a scope used for authorization, such as `api`, or `read_user` +module API + class Scope + attr_reader :name, :if + + def initialize(name, options = {}) + @name = name.to_sym + @if = options[:if] + end + + # Are the `scopes` passed in sufficient to adequately authorize the passed + # request for the scope represented by the current instance of this class? + def sufficient?(scopes, request) + verify_if_condition(request) && scopes.include?(self.name) + end + + private + + def verify_if_condition(request) + self.if.nil? || self.if.call(request) + end + end +end |