From 80c1ebaa83f346e45346baac584f21878652c350 Mon Sep 17 00:00:00 2001
From: Timothy Andrew <mail@timothyandrew.net>
Date: Tue, 20 Jun 2017 08:27:45 +0000
Subject: Allow API scope declarations to be applied conditionally.

- Scope declarations of the form:

    allow_access_with_scope :read_user, if: -> (request) { request.get? }

  will only apply for `GET` requests

- Add a negative test to a `POST` endpoint in the `users` API to test this. Also
  test for this case in the `AccessTokenValidationService` unit tests.
---
 lib/api/helpers.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/api/helpers.rb')

diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 3cf04e6df3c..c69e7afea8c 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -340,7 +340,7 @@ module API
     end
 
     def initial_current_user
-      endpoint_class = options[:for]
+      endpoint_class = options[:for].presence || ::API::API
 
       return @initial_current_user if defined?(@initial_current_user)
       Gitlab::Auth::UniqueIpsLimiter.limit_user! do
-- 
cgit v1.2.1