diff options
author | Rémy Coutable <remy@rymai.me> | 2017-09-18 14:42:37 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2017-09-18 14:42:37 +0000 |
commit | ce5abaae80764fc0c8505f115fb8bb5799bec7b1 (patch) | |
tree | c01edf1aeadcd3cfa21b5200b0756d0ab13226be /lib | |
parent | 90aebe85884b95569ab65567155ce0ec15d65ef0 (diff) | |
parent | 0013e6c00dc1743edb35b9b35a59c09fa0a0868e (diff) | |
download | gitlab-ce-ce5abaae80764fc0c8505f115fb8bb5799bec7b1.tar.gz |
Merge branch '37789-followup-for-read-registry-change' into 'master'
Clean up read_registry scope changes
Closes #37789
See merge request gitlab-org/gitlab-ce!14307
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/auth.rb | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 11ace83c15c..87aeb76b66a 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -2,7 +2,7 @@ module Gitlab module Auth MissingPersonalTokenError = Class.new(StandardError) - REGISTRY_SCOPES = Gitlab.config.registry.enabled ? [:read_registry].freeze : [].freeze + REGISTRY_SCOPES = [:read_registry].freeze # Scopes used for GitLab API access API_SCOPES = [:api, :read_user].freeze @@ -13,11 +13,6 @@ module Gitlab # Default scopes for OAuth applications that don't define their own DEFAULT_SCOPES = [:api].freeze - AVAILABLE_SCOPES = (API_SCOPES + REGISTRY_SCOPES).freeze - - # Other available scopes - OPTIONAL_SCOPES = (AVAILABLE_SCOPES + OPENID_SCOPES - DEFAULT_SCOPES).freeze - class << self include Gitlab::CurrentSettings @@ -132,7 +127,7 @@ module Gitlab token = PersonalAccessTokensFinder.new(state: 'active').find_by(token: password) - if token && valid_scoped_token?(token, AVAILABLE_SCOPES) + if token && valid_scoped_token?(token, available_scopes) Gitlab::Auth::Result.new(token.user, nil, :personal_token, abilities_for_scope(token.scopes)) end end @@ -230,6 +225,21 @@ module Gitlab def read_user_scope_authentication_abilities [] end + + def available_scopes + API_SCOPES + registry_scopes + end + + # Other available scopes + def optional_scopes + available_scopes + OPENID_SCOPES - DEFAULT_SCOPES + end + + def registry_scopes + return [] unless Gitlab.config.registry.enabled + + REGISTRY_SCOPES + end end end end |