Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-08-21 19:11:18 +08:00
Code Packages Activity Actions 15

FEATURE: user API now contains scopes so permission is granular

Browse source 
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
This commit is contained in:
Sam 2016-10-14 16:05:27 +11:00
parent becff2de4d
commit f4f5524190
16 changed files with 164 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

13
db/migrate/20161013012136_add_scopes_to_user_api_keys.rb Normal file
View file

@ -0,0 +1,13 @@
class AddScopesToUserApiKeys < ActiveRecord::Migration
def change
add_column :user_api_keys, :scopes, :text, array: true, null: false, default: []
execute "UPDATE user_api_keys SET scopes = scopes || ARRAY['write'] WHERE write"
execute "UPDATE user_api_keys SET scopes = scopes || ARRAY['read'] WHERE read"
execute "UPDATE user_api_keys SET scopes = scopes || ARRAY['push'] WHERE push"
remove_column :user_api_keys, :read
remove_column :user_api_keys, :write
remove_column :user_api_keys, :push
end
end