Diffstat (limited to 'lib/api/personal_access_tokens.rb')
-rw-r--r-- | lib/api/personal_access_tokens.rb | 60 |
1 files changed, 42 insertions, 18 deletions
diff --git a/lib/api/personal_access_tokens.rb b/lib/api/personal_access_tokens.rb
index a2903faa4ad..66930ecd797 100644
--- a/lib/api/personal_access_tokens.rb
+++ b/lib/api/personal_access_tokens.rb
@@ -6,24 +6,6 @@ module API
 feature_category :authentication_and_authorization
- desc 'Get all Personal Access Tokens' do
- detail 'This feature was added in GitLab 13.3'
- success Entities::PersonalAccessToken
- end
- params do
- optional :user_id, type: Integer, desc: 'Filter PATs by User ID'
- optional :revoked, type: Boolean, desc: 'Filter PATs where revoked state matches parameter'
- optional :state, type: String, desc: 'Filter PATs which are either active or not',
- values: %w[active inactive]
- optional :created_before, type: DateTime, desc: 'Filter PATs which were created before given datetime'
- optional :created_after, type: DateTime, desc: 'Filter PATs which were created after given datetime'
- optional :last_used_before, type: DateTime, desc: 'Filter PATs which were used before given datetime'
- optional :last_used_after, type: DateTime, desc: 'Filter PATs which were used after given datetime'
- optional :search, type: String, desc: 'Filters PATs by its name'
-
- use :pagination
- end
-
 before do
 authenticate!
 restrict_non_admins! unless current_user.can_admin_all_resources?
@@ -32,12 +14,47 @@ module API
 helpers ::API::Helpers::PersonalAccessTokensHelpers
 resources :personal_access_tokens do
+ desc 'List personal access tokens' do
+ detail 'Get all personal access tokens the authenticated user has access to.'
+ is_array true
+ success Entities::PersonalAccessToken
+ tags %w[personal_access_tokens]
+ failure [
+ { code: 401, message: 'Unauthorized' }
+ ]
+ end
+ params do
+ optional :user_id, type: Integer, desc: 'Filter PATs by User ID', documentation: { example: 2 }
+ optional :revoked, type: Boolean, desc: 'Filter PATs where revoked state matches parameter',
+ documentation: { example: false }
+ optional :state, type: String, desc: 'Filter PATs which are either active or not',
+ values: %w[active inactive], documentation: { example: 'active' }
+ optional :created_before, type: DateTime, desc: 'Filter PATs which were created before given datetime',
+ documentation: { example: '2022-01-01' }
+ optional :created_after, type: DateTime, desc: 'Filter PATs which were created after given datetime',
+ documentation: { example: '2021-01-01' }
+ optional :last_used_before, type: DateTime, desc: 'Filter PATs which were used before given datetime',
+ documentation: { example: '2021-01-01' }
+ optional :last_used_after, type: DateTime, desc: 'Filter PATs which were used after given datetime',
+ documentation: { example: '2022-01-01' }
+ optional :search, type: String, desc: 'Filters PATs by its name', documentation: { example: 'token' }
+
+ use :pagination
+ end
 get do
 tokens = PersonalAccessTokensFinder.new(finder_params(current_user), current_user).execute
 present paginate(tokens), with: Entities::PersonalAccessToken
 end
+ desc 'Get single personal access token' do
+ detail 'Get a personal access token by using the ID of the personal access token.'
+ success Entities::PersonalAccessToken
+ failure [
+ { code: 401, message: 'Unauthorized' },
+ { code: 404, message: 'Not found' }
+ ]
+ end
 get ':id' do
 token = PersonalAccessToken.find_by_id(params[:id])
@@ -51,6 +68,13 @@ module API
 end
 end
+ desc 'Revoke a personal access token' do
+ detail 'Revoke a personal access token by using the ID of the personal access token.'
+ success code: 204
+ failure [
+ { code: 400, message: 'Bad Request' }
+ ]
+ end
 delete ':id' do
 token = find_token(params[:id]) |
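Review bot: The `desc` added for `get ':id'` is followed directly by the route, so `:id` is neither documented nor type-checked before it reaches `PersonalAccessToken.find_by_id(params[:id])`, whereas the list endpoint declares every filter it accepts. I would add `params do` / `requires :id, type: Integer, desc: 'ID of the personal access token'` / `end` between the `desc` and the route, which should also make Grape reject a non-numeric ID before the lookup; the same gap exists for `delete ':id'` in the next hunk. Separately, `tags %w[personal_access_tokens]` is set only on the list `desc`, so the two `:id` routes will probably be grouped differently in the generated documentation. The body of `get ':id'` continues outside the hunk.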
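Review bot: The `failure` list on the `delete ':id'` desc names only 400, although the `before` block visible in the first hunk runs `authenticate!` ahead of every route in this file and the sibling `get ':id'` desc already lists 401 and 404. For an endpoint that revokes credentials, consumers should see the authentication and lookup failures too, e.g. `{ code: 401, message: 'Unauthorized' },` and `{ code: 404, message: 'Not found' }` alongside the existing 400 entry. `find_token` and the rest of the handler are outside the hunk, so the 404 entry is an inference from the helper's name and should be confirmed against its implementation.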