Implement review comments from @dbalexandre for !12300.

4dbfa14e · Timothy Andrew · 1b8223dd · 4dbfa14e · 4dbfa14e · 4dbfa14e
Commit 4dbfa14e authored Jun 23, 2017 by Timothy Andrew
Showing with 18 additions and 22 deletions

lib/api/api_guard.rb lib/api/api_guard.rb +5 -7

lib/api/helpers.rb lib/api/helpers.rb +2 -2

spec/services/access_token_validation_service_spec.rb spec/services/access_token_validation_service_spec.rb +11 -13

No files found.
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -30,15 +30,13 @@ module API
      # endpoint class. If this method is called multiple times on the same class,
      # the scopes are all aggregated.
      def allow_access_with_scope(scopes, options = {})
-        @scopes ||= []
+        Array(scopes).each do |scope|
+          allowed_scopes << { name: scope, if: options[:if] }
-        params = Array.wrap(scopes).map { |scope| { name: scope, if: options[:if] } }
+        end
-        @scopes.concat(params)
      end
-      def scopes
+      def allowed_scopes
-        @scopes
+        @scopes ||= []
      end
    end

--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -416,8 +416,8 @@ module API
        begin
          endpoint_classes = [options[:for].presence, ::API::API].compact
          endpoint_classes.reduce([]) do |memo, endpoint|
-            if endpoint.respond_to?(:scopes)
+            if endpoint.respond_to?(:allowed_scopes)
-              memo.concat(endpoint.scopes)
+              memo.concat(endpoint.allowed_scopes)
            else
              memo
            end

--- a/spec/services/access_token_validation_service_spec.rb
+++ b/spec/services/access_token_validation_service_spec.rb
@@ -41,24 +41,22 @@ describe AccessTokenValidationService, services: true do
    end
    context "conditions" do
-      context "if" do
+      it "ignores any scopes whose `if` condition returns false" do
-        it "ignores any scopes whose `if` condition returns false" do
+        token = double("token", scopes: [:api, :read_user])
-          token = double("token", scopes: [:api, :read_user])
-          expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { false } }])).to be(false)
+        expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { false } }])).to be(false)
-        end
+      end
-        it "does not ignore scopes whose `if` condition is not set" do
+      it "does not ignore scopes whose `if` condition is not set" do
-          token = double("token", scopes: [:api, :read_user])
+        token = double("token", scopes: [:api, :read_user])
-          expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { false } }, { name: :read_user }])).to be(true)
+        expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { false } }, { name: :read_user }])).to be(true)
-        end
+      end
-        it "does not ignore scopes whose `if` condition returns true" do
+      it "does not ignore scopes whose `if` condition returns true" do
-          token = double("token", scopes: [:api, :read_user])
+        token = double("token", scopes: [:api, :read_user])
-          expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { true } }, { name: :read_user, if: ->(_) { false } }])).to be(true)
+        expect(described_class.new(token, request: request).include_any_scope?([{ name: :api, if: ->(_) { true } }, { name: :read_user, if: ->(_) { false } }])).to be(true)
-        end
      end
    end
  end