Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/app/models/user_api_key_scope.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

57 lines
1.7 KiB
Ruby
Raw Normal View History

DEV: Move UserApiKey scopes to dedicated table (#10704) This has no functional impact yet, but it is the first step in adding more granular scopes to UserApiKeys
2020-09-29 05:57:48 -04:00
# frozen_string_literal: true
class UserApiKeyScope < ActiveRecord::Base
REFACTOR: Introduce RouteMatcher class This consolidates logic used to match routes in ApiKey, UserApiKey and DefaultCurrentUserProvider. This reduces duplicated logic, and will allow UserApiKeysScope to easily re-use the parameter matching logic from ApiKeyScope
2020-10-06 12:20:15 -04:00
SCOPES = {
read: [ RouteMatcher.new(methods: :get) ],
write: [ RouteMatcher.new(methods: [:get, :post, :patch, :put, :delete]) ],
message_bus: [ RouteMatcher.new(methods: :post, actions: 'message_bus') ],
push: [],
one_time_password: [],
notifications: [
RouteMatcher.new(methods: :post, actions: 'message_bus'),
RouteMatcher.new(methods: :get, actions: 'notifications#index'),
RouteMatcher.new(methods: :put, actions: 'notifications#mark_read')
],
FIX: Restore users#topic_tracking_state route to api session_info scope (#10992) This route was inadvertently removed in 1cec333f, and is required for showing new/unread counts in Discourse mobile apps
2020-10-21 14:44:34 -04:00
session_info: [
RouteMatcher.new(methods: :get, actions: 'session#current'),
RouteMatcher.new(methods: :get, actions: 'users#topic_tracking_state')
],
DEV: Add support for allowed parameters in user api key scopes Initially, this feature is only intended for use in core/plugins, so there is no API for requesting a parameter-scoped key. That may change in future.
2020-10-08 12:38:54 -04:00
bookmarks_calendar: [ RouteMatcher.new(methods: :get, actions: 'users#bookmarks', formats: :ics, params: %i[username]) ]
REFACTOR: Introduce RouteMatcher class This consolidates logic used to match routes in ApiKey, UserApiKey and DefaultCurrentUserProvider. This reduces duplicated logic, and will allow UserApiKeysScope to easily re-use the parameter matching logic from ApiKeyScope
2020-10-06 12:20:15 -04:00
}
def self.all_scopes
DEV: Introduce plugin API to contribute user api key scopes
2020-10-09 09:52:48 -04:00
scopes = SCOPES
DiscoursePluginRegistry.user_api_key_scope_mappings.each do |mapping|
scopes = scopes.merge!(mapping)
end
scopes
REFACTOR: Introduce RouteMatcher class This consolidates logic used to match routes in ApiKey, UserApiKey and DefaultCurrentUserProvider. This reduces duplicated logic, and will allow UserApiKeysScope to easily re-use the parameter matching logic from ApiKeyScope
2020-10-06 12:20:15 -04:00
end
def permits?(env)
DEV: Add support for allowed parameters in user api key scopes Initially, this feature is only intended for use in core/plugins, so there is no API for requesting a parameter-scoped key. That may change in future.
2020-10-08 12:38:54 -04:00
matchers.any? { |m| m.with_allowed_param_values(allowed_parameters).match?(env: env) }
REFACTOR: Introduce RouteMatcher class This consolidates logic used to match routes in ApiKey, UserApiKey and DefaultCurrentUserProvider. This reduces duplicated logic, and will allow UserApiKeysScope to easily re-use the parameter matching logic from ApiKeyScope
2020-10-06 12:20:15 -04:00
end
private
def matchers
@matchers ||= Array(self.class.all_scopes[name.to_sym])
end
DEV: Move UserApiKey scopes to dedicated table (#10704) This has no functional impact yet, but it is the first step in adding more granular scopes to UserApiKeys
2020-09-29 05:57:48 -04:00
end
# == Schema Information
#
# Table name: user_api_key_scopes
#
DEV: Add support for allowed parameters in user api key scopes Initially, this feature is only intended for use in core/plugins, so there is no API for requesting a parameter-scoped key. That may change in future.
2020-10-08 12:38:54 -04:00
# id :bigint not null, primary key
# user_api_key_id :integer not null
# name :string not null
# created_at :datetime not null
# updated_at :datetime not null
# allowed_parameters :jsonb
DEV: Move UserApiKey scopes to dedicated table (#10704) This has no functional impact yet, but it is the first step in adding more granular scopes to UserApiKeys
2020-09-29 05:57:48 -04:00
#
# Indexes
#
# index_user_api_key_scopes_on_user_api_key_id (user_api_key_id)
#