Extract a `Gitlab::Scope` class.

- To represent an authorization scope, such as `api` or `read_user` - This is a better abstraction than the hash we were previously using.
author: Timothy Andrew <mail@timothyandrew.net> 2017-06-28 10:12:23 +0300
committer: Timothy Andrew <mail@timothyandrew.net> 2017-06-29 09:15:57 +0300
commit: b8ec1f4201c74c500e4f7010b238c7920599da7a (patch)
tree: f13e0aab941b8ff209716315a4d21626db878373 /lib/api/scope.rb
parent: c1fcd730cc9dbee5b41ce2a6a12f8d84416b1a4a (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/lib/api/scope.rb b/lib/api/scope.rb
new file mode 100644
index 00000000000..c23846d1e7d
--- /dev/null
+++ b/lib/api/scope.rb
@@ -0,0 +1,23 @@
+# Encapsulate a scope used for authorization, such as `api`, or `read_user`
+module API
+  class Scope
+    attr_reader :name, :if
+
+    def initialize(name, options = {})
+      @name = name.to_sym
+      @if = options[:if]
+    end
+
+    # Are the `scopes` passed in sufficient to adequately authorize the passed
+    # request for the scope represented by the current instance of this class?
+    def sufficient?(scopes, request)
+      verify_if_condition(request) && scopes.include?(self.name)
+    end
+
+    private
+
+    def verify_if_condition(request)
+      self.if.nil? || self.if.call(request)
+    end
+  end
+end
author	Timothy Andrew <mail@timothyandrew.net>	2017-06-28 10:12:23 +0300
committer	Timothy Andrew <mail@timothyandrew.net>	2017-06-29 09:15:57 +0300
commit	b8ec1f4201c74c500e4f7010b238c7920599da7a (patch)
tree	f13e0aab941b8ff209716315a4d21626db878373 /lib/api/scope.rb
parent	c1fcd730cc9dbee5b41ce2a6a12f8d84416b1a4a (diff)