Commit 3223f7b0 authored by James Lopez

Update code based on feedback

parent 04622671
--- ---
title: Use read_repository scope on read-only files API title: Use read_repository scope on read-only files API
merge_request: merge_request: 23534
author: author:
type: fixed type: fixed
...@@ -4,18 +4,16 @@ ...@@ -4,18 +4,16 @@
**Create, read, update and delete repository files using this API** **Create, read, update and delete repository files using this API**
The different scopes available using [personal access tokens][personal-access-tokens] are depicted The different scopes available using [personal access tokens](../user/profile/personal_access_tokens.md) are depicted
in the following table. in the following table.
| Scope | Description | | Scope | Description |
| ----- | ----------- | | ----- | ----------- |
| `read_repository` | Allows read-access to the repository files | | `read_repository` | Allows read-access to the repository files. |
| `api` | Allows read-write access to the repository files | | `api` | Allows read-write access to the repository files. |
> `read_repository` scope was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/23534) in GitLab 11.5.3. > `read_repository` scope was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/23534) in GitLab 11.5.3.
[personal-access-tokens]: ../user/profile/personal_access_tokens.md
## Get file from repository ## Get file from repository
Allows you to receive information about file in repository like name, size, Allows you to receive information about file in repository like name, size,
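Review bot: The scope table does not say which requests each scope covers. The `read_repository` row reads as general read access, but the spec added in this commit expects a POST with a `read_repository` token to return 403, so a reader still has to infer where the boundary is. Consider stating in the table, or in the note under it, that `read_repository` is accepted only on the read-only file requests and that create, update and delete require `api`.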
......
...@@ -391,6 +391,24 @@ describe API::Files do ...@@ -391,6 +391,24 @@ describe API::Files do
expect(response).to have_gitlab_http_status(400) expect(response).to have_gitlab_http_status(400)
end end
context 'with PATs' do
it 'returns 403 with `read_repository` scope' do
token = create(:personal_access_token, scopes: ['read_repository'], user: user)
post api(route(file_path), personal_access_token: token), params
expect(response).to have_gitlab_http_status(403)
end
it 'returns 201 with `api` scope' do
token = create(:personal_access_token, scopes: ['api'], user: user)
post api(route(file_path), personal_access_token: token), params
expect(response).to have_gitlab_http_status(201)
end
end
context "when specifying an author" do context "when specifying an author" do
it "creates a new file with the specified author" do it "creates a new file with the specified author" do
params.merge!(author_email: author_email, author_name: author_name) params.merge!(author_email: author_email, author_name: author_name)
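Review bot: In the new 'with PATs' context, the `read_repository` case asserts only the 403 status. For a scope-restriction test it is worth also asserting that the request had no effect, that is, that the file at `file_path` was not created, so a regression that writes and then returns an error is caught. The visible lines cover only the create route; if the update and delete routes do not get the same pair of scope tests elsewhere in this spec, add them, along with a positive case showing a `read_repository` token succeeding on a read request.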
......