From 0b81b5ace0dd7c5ba3362238d8be41ce178e1ecc Mon Sep 17 00:00:00 2001
From: "Z.J. van de Weg" <git@zjvandeweg.nl>
Date: Wed, 31 May 2017 15:55:12 +0200
Subject: Create read_registry scope with JWT auth

This is the first commit doing mainly 3 things:
1. create a new scope and allow users to use it
2. Have the JWTController respond correctly on this
3. Updates documentation to suggest usage of PATs

There is one gotcha, there will be no support for impersonation tokens, as this
seems not needed.

Fixes gitlab-org/gitlab-ce#19219
---
 app/models/personal_access_token.rb | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'app/models')

diff --git a/app/models/personal_access_token.rb b/app/models/personal_access_token.rb
index e8b000ddad6..0aee696bed3 100644
--- a/app/models/personal_access_token.rb
+++ b/app/models/personal_access_token.rb
@@ -15,11 +15,10 @@ class PersonalAccessToken < ActiveRecord::Base
   scope :without_impersonation, -> { where(impersonation: false) }
 
   validates :scopes, presence: true
-  validate :validate_api_scopes
+  validate :validate_scopes
 
   def revoke!
-    self.revoked = true
-    self.save
+    update!(revoked: true)
   end
 
   def active?
@@ -28,9 +27,9 @@ class PersonalAccessToken < ActiveRecord::Base
 
   protected
 
-  def validate_api_scopes
-    unless scopes.all? { |scope| Gitlab::Auth::API_SCOPES.include?(scope.to_sym) }
-      errors.add :scopes, "can only contain API scopes"
+  def validate_scopes
+    unless scopes.all? { |scope| Gitlab::Auth::AVAILABLE_SCOPES.include?(scope.to_sym) }
+      errors.add :scopes, "can only contain available scopes"
     end
   end
 end
-- 
cgit v1.2.3