Merge branch 'ee-api-guard' into 'master'

Introduce EE::API::APIGuard::HelperMethods See merge request gitlab-org/gitlab-ee!4378

Merge branch 'ee-api-guard' into 'master'
Introduce EE::API::APIGuard::HelperMethods See merge request gitlab-org/gitlab-ee!4378
3280c094 · Rémy Coutable · 5c34451b · 173e17e5 · 3280c094 · 3280c094
Commit 3280c094 authored Feb 05, 2018 by Rémy Coutable
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 1 deletion

ee/lib/ee/api/api_guard.rb ee/lib/ee/api/api_guard.rb +16 -0

lib/api/api_guard.rb lib/api/api_guard.rb +6 -1

No files found.
--- a/ee/lib/ee/api/api_guard.rb
+++ b/ee/lib/ee/api/api_guard.rb
+module EE
+  module API
+    module APIGuard
+      module HelperMethods
+        extend ::Gitlab::Utils::Override
+
+        override :find_user_from_sources
+        def find_user_from_sources
+          find_user_from_access_token ||
+            find_user_from_job_token ||
+            find_user_from_warden
+        end
+      end
+    end
+  end
+end
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -39,10 +39,11 @@ module API

    # Helper Methods for Grape Endpoint
    module HelperMethods
+      prepend EE::API::APIGuard::HelperMethods
      include Gitlab::Auth::UserAuthFinders

      def find_current_user!
-        user = find_user_from_access_token || find_user_from_job_token || find_user_from_warden
+        user = find_user_from_sources
        return unless user

        forbidden!('User is blocked') unless Gitlab::UserAccess.new(user).allowed? && user.can?(:access_api)
@@ -50,6 +51,10 @@ module API
        user
      end

+      def find_user_from_sources
+        find_user_from_access_token || find_user_from_warden
+      end
+
      private

      # An array of scopes that were registered (using `allow_access_with_scope`)