Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
02b85fd2
Commit
02b85fd2
authored
May 15, 2014
by
Jacob Vosmaer
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Check user access status in API for current_user
parent
34fd5570
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
10 additions
and
0 deletions
+10
-0
lib/api/helpers.rb
lib/api/helpers.rb
+5
-0
spec/requests/api/api_helpers_spec.rb
spec/requests/api/api_helpers_spec.rb
+5
-0
No files found.
lib/api/helpers.rb
View file @
02b85fd2
...
...
@@ -8,6 +8,11 @@ module API
def
current_user
private_token
=
(
params
[
PRIVATE_TOKEN_PARAM
]
||
env
[
PRIVATE_TOKEN_HEADER
]).
to_s
@current_user
||=
User
.
find_by
(
authentication_token:
private_token
)
unless
@current_user
&&
Gitlab
::
UserAccess
.
allowed?
(
@current_user
)
return
nil
end
identifier
=
sudo_identifier
()
# If the sudo is the current user do nothing
...
...
spec/requests/api/api_helpers_spec.rb
View file @
02b85fd2
...
...
@@ -44,6 +44,11 @@ describe API, api: true do
current_user
.
should
be_nil
end
it
"should return nil for a user without access"
do
Gitlab
::
UserAccess
.
stub
(
allowed?:
false
)
current_user
.
should
be_nil
end
it
"should leave user as is when sudo not specified"
do
env
[
API
::
APIHelpers
::
PRIVATE_TOKEN_HEADER
]
=
user
.
private_token
current_user
.
should
==
user
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment