Commit 4ff15fcf authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'api-guard' into 'master'

Make find_user_from_sources extensible for EE

See merge request gitlab-org/gitlab-ce!16924
parents 5ac4eddb bd132dfe
...@@ -42,7 +42,7 @@ module API ...@@ -42,7 +42,7 @@ module API
include Gitlab::Auth::UserAuthFinders include Gitlab::Auth::UserAuthFinders
def find_current_user! def find_current_user!
user = find_user_from_access_token || find_user_from_warden user = find_user_from_sources
return unless user return unless user
forbidden!('User is blocked') unless Gitlab::UserAccess.new(user).allowed? && user.can?(:access_api) forbidden!('User is blocked') unless Gitlab::UserAccess.new(user).allowed? && user.can?(:access_api)
...@@ -50,6 +50,10 @@ module API ...@@ -50,6 +50,10 @@ module API
user user
end end
def find_user_from_sources
find_user_from_access_token || find_user_from_warden
end
private private
# An array of scopes that were registered (using `allow_access_with_scope`) # An array of scopes that were registered (using `allow_access_with_scope`)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment