From eaf9088ba8abe8c847a09860b55a86c7ae0d5987 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sat, 6 Jan 2018 00:41:13 -0800 Subject: Save user ID and username in Grape API log (api_json.log) This will enable admins to identify who actually made the API request. Relates to #36960 --- lib/api/helpers.rb | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib/api/helpers.rb') diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index bf388163ec8..d6ce368efd5 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -5,6 +5,7 @@ module API SUDO_HEADER = "HTTP_SUDO".freeze SUDO_PARAM = :sudo + API_USER_ENV = 'gitlab.api.user'.freeze def declared_params(options = {}) options = { include_parent_namespaces: false }.merge(options) @@ -48,10 +49,16 @@ module API validate_access_token!(scopes: scopes_registered_for_endpoint) unless sudo? + save_current_user_in_env(@current_user) if @current_user + @current_user end # rubocop:enable Gitlab/ModuleWithInstanceVariables + def save_current_user_in_env(user) + env[API_USER_ENV] = { user_id: user.id, username: user.username } + end + def sudo? initial_current_user != current_user end -- cgit v1.2.1 From 729f05f0e3c4835c91e20ccd1ddb630eb7ef4379 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=99=88=20=20jacopo=20beschi=20=F0=9F=99=89?= Date: Thu, 11 Jan 2018 16:34:01 +0000 Subject: Adds Rubocop rule for line break around conditionals --- lib/api/helpers.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/api/helpers.rb') diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index d6ce368efd5..6134ad2bfc7 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -26,6 +26,7 @@ module API check_unmodified_since!(last_updated) status 204 + if block_given? yield resource else -- cgit v1.2.1