Commit b7c8f7d7 authored Oct 30, 2017 by Douwe Maan

Update specs for sudo behavior

parent a6c462b2

Showing 3 changed files with 155 additions and 241 deletions

app/models/oauth_access_token.rb +9 -1
lib/api/helpers.rb +2 -5
spec/requests/api/helpers_spec.rb +144 -235

app/models/oauth_access_token.rb
...
@@ -2,5 +2,13 @@ class OauthAccessToken < Doorkeeper::AccessToken
...
@@ -2,5 +2,13 @@ class OauthAccessToken < Doorkeeper::AccessToken
belongs_to
:resource_owner
,
class_name:
'User'
belongs_to
:resource_owner
,
class_name:
'User'
belongs_to
:application
,
class_name:
'Doorkeeper::Application'
belongs_to
:application
,
class_name:
'Doorkeeper::Application'
alias_method
:user
,
:resource_owner
alias_attribute
:user
,
:resource_owner
def
scopes
=
(
value
)
if
value
.
is_a?
(
Array
)
super
(
Doorkeeper
::
OAuth
::
Scopes
.
from_array
(
value
).
to_s
)
else
super
end
end
end
end
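Review bot: the switch from `alias_method :user` to `alias_attribute :user` and the new `scopes=` writer on OauthAccessToken are model behaviour changes, yet the commit message only mentions updating specs, so neither is explained. `alias_attribute` defines `user=` and `user?` in addition to the reader, which is a wider surface than the old alias gave the token's owner; a comment stating why the attribute alias is needed would help. For `scopes=`, please document which caller passes an Array, and consider whether values that are neither Array nor String should be rejected instead of going straight to `super`, since the stored scopes are what `validate_access_token!(scopes: [:sudo])` later checks.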
lib/api/helpers.rb
...
@@ -396,7 +396,7 @@ module API
...
@@ -396,7 +396,7 @@ module API
def
sudo!
def
sudo!
return
unless
sudo_identifier
return
unless
sudo_identifier
raise
UnauthorizedError
unless
initial_current_user
unauthorized!
unless
initial_current_user
unless
initial_current_user
.
admin?
unless
initial_current_user
.
admin?
forbidden!
(
'Must be admin to use sudo'
)
forbidden!
(
'Must be admin to use sudo'
)
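Review bot: in `sudo!`, the new `unauthorized! unless initial_current_user` is the only thing protecting the `initial_current_user.admin?` call that follows, so it is safe only if `unauthorized!` halts the request the way the removed `raise UnauthorizedError` did. Please confirm that with a spec for a sudo request that has no authenticated user (expecting 401 and no impersonation), and check that nothing still rescues `UnauthorizedError` expecting to see this path.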
...
@@ -409,10 +409,7 @@ module API
...
@@ -409,10 +409,7 @@ module API
validate_access_token!
(
scopes:
[
:sudo
])
validate_access_token!
(
scopes:
[
:sudo
])
sudoed_user
=
find_user
(
sudo_identifier
)
sudoed_user
=
find_user
(
sudo_identifier
)
not_found!
(
"User with ID or username '
#{
sudo_identifier
}
'"
)
unless
sudoed_user
unless
sudoed_user
not_found!
(
"No user id or username for:
#{
sudo_identifier
}
"
)
end
@current_user
=
sudoed_user
@current_user
=
sudoed_user
end
end
...
...
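Review bot: the new `not_found!("User with ID or username '#{sudo_identifier}'")` changes the client-visible 404 text and still echoes the request-supplied `sudo_identifier` back in the response. The new string is a bare noun phrase, so it only reads correctly if `not_found!` supplies the "not found" wording; a short comment or a spec asserting the full message would pin that down, and the wording change deserves a line in the API docs or changelog for clients that match on the old text. Keeping `validate_access_token!(scopes: [:sudo])` ahead of `find_user` is the right order, because a token without the sudo scope then cannot use the 404 to learn whether a username exists; a spec asserting that order would keep it from regressing.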
spec/requests/api/helpers_spec.rb
This diff is collapsed.