diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-04-27 11:57:43 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-04-27 11:57:43 +0300 |
commit | bc299f54e841488b4ab37777761db1dfc7f3b60e (patch) | |
tree | bf58693acb03633a63138874072e3d3af3ee9f76 /lib/gitlab/auth | |
parent | 2fad41087674984a064cf6a312ac34c16bb2a1aa (diff) |
Add latest changes from gitlab-org/security/gitlab@13-11-stable-ee
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/scope_validator.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/gitlab/auth/scope_validator.rb b/lib/gitlab/auth/scope_validator.rb new file mode 100644 index 00000000000..de4c36ad594 --- /dev/null +++ b/lib/gitlab/auth/scope_validator.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +# Wrapper around a RequestAuthenticator to +# perform authorization of scopes. Access is limited to +# only those methods needed to validate that an API user +# has at least one permitted scope. +module Gitlab + module Auth + class ScopeValidator + def initialize(api_user, request_authenticator) + @api_user = api_user + @request_authenticator = request_authenticator + end + + def valid_for?(permitted) + return true unless @api_user + return true if permitted.none? + + scopes = permitted.map { |s| API::Scope.new(s) } + @request_authenticator.valid_access_token?(scopes: scopes) + end + end + end +end |