An error occurred fetching the project authors.
  1. 27 Mar, 2017 1 commit
  2. 09 Mar, 2017 1 commit
  3. 06 Mar, 2017 1 commit
  4. 01 Mar, 2017 1 commit
  5. 28 Feb, 2017 5 commits
  6. 23 Feb, 2017 6 commits
  7. 20 Feb, 2017 1 commit
  8. 16 Feb, 2017 1 commit
  9. 09 Feb, 2017 1 commit
  10. 08 Feb, 2017 1 commit
  11. 02 Feb, 2017 1 commit
  12. 11 Jan, 2017 1 commit
  13. 05 Jan, 2017 1 commit
  14. 03 Jan, 2017 1 commit
  15. 18 Dec, 2016 1 commit
  16. 16 Dec, 2016 3 commits
    • Timothy Andrew's avatar
      Calls to the API are checked for scope. · 184b923f
      Timothy Andrew authored
      - Move the `Oauth2::AccessTokenValidationService` class to
        `AccessTokenValidationService`, since it is now being used for
        personal access token validation as well.
      
      - Each API endpoint declares the scopes it accepts (if any). Currently,
        the top level API module declares the `api` scope, and the `Users` API
        module declares the `read_user` scope (for GET requests).
      
      - Move the `find_user_by_private_token` from the API `Helpers` module to
        the `APIGuard` module, to avoid littering `Helpers` with more
        auth-related methods to support `find_user_by_private_token`
      184b923f
    • Timothy Andrew's avatar
      Calls to the API are checked for scope. · 7fa06ed5
      Timothy Andrew authored
      - Move the `Oauth2::AccessTokenValidationService` class to
        `AccessTokenValidationService`, since it is now being used for
        personal access token validation as well.
      
      - Each API endpoint declares the scopes it accepts (if any). Currently,
        the top level API module declares the `api` scope, and the `Users` API
        module declares the `read_user` scope (for GET requests).
      
      - Move the `find_user_by_private_token` from the API `Helpers` module to
        the `APIGuard` module, to avoid littering `Helpers` with more
        auth-related methods to support `find_user_by_private_token`
      7fa06ed5
    • Rémy Coutable's avatar
      API: Memoize the current_user so that the sudo can work properly · ca69c725
      Rémy Coutable authored
      The issue was arising when `#current_user` was called a second time
      after a user was impersonated: the `User#is_admin?` check would be
      performed on it and it would fail.
      Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
      ca69c725
  17. 15 Dec, 2016 3 commits
  18. 14 Dec, 2016 3 commits
  19. 12 Dec, 2016 1 commit
  20. 08 Dec, 2016 1 commit
  21. 07 Dec, 2016 2 commits
  22. 05 Dec, 2016 1 commit
  23. 04 Dec, 2016 1 commit
  24. 24 Nov, 2016 1 commit