debian-mirror-gitlab/lib/api/personal_access_tokens.rb

86 lines
3.3 KiB
Ruby
Raw Normal View History

2021-01-29 00:20:46 +05:30
# frozen_string_literal: true
module API
class PersonalAccessTokens < ::API::Base
include ::API::PaginationParams
feature_category :authentication_and_authorization
before do
authenticate!
2022-10-11 01:57:18 +05:30
restrict_non_admins! unless current_user.can_admin_all_resources?
2021-01-29 00:20:46 +05:30
end
2022-10-11 01:57:18 +05:30
helpers ::API::Helpers::PersonalAccessTokensHelpers
2021-01-29 00:20:46 +05:30
resources :personal_access_tokens do
2023-01-13 00:05:48 +05:30
desc 'List personal access tokens' do
detail 'Get all personal access tokens the authenticated user has access to.'
is_array true
success Entities::PersonalAccessToken
tags %w[personal_access_tokens]
failure [
{ code: 401, message: 'Unauthorized' }
]
end
params do
optional :user_id, type: Integer, desc: 'Filter PATs by User ID', documentation: { example: 2 }
optional :revoked, type: Boolean, desc: 'Filter PATs where revoked state matches parameter',
documentation: { example: false }
optional :state, type: String, desc: 'Filter PATs which are either active or not',
values: %w[active inactive], documentation: { example: 'active' }
optional :created_before, type: DateTime, desc: 'Filter PATs which were created before given datetime',
documentation: { example: '2022-01-01' }
optional :created_after, type: DateTime, desc: 'Filter PATs which were created after given datetime',
documentation: { example: '2021-01-01' }
optional :last_used_before, type: DateTime, desc: 'Filter PATs which were used before given datetime',
documentation: { example: '2021-01-01' }
optional :last_used_after, type: DateTime, desc: 'Filter PATs which were used after given datetime',
documentation: { example: '2022-01-01' }
optional :search, type: String, desc: 'Filters PATs by its name', documentation: { example: 'token' }
use :pagination
end
2021-01-29 00:20:46 +05:30
get do
tokens = PersonalAccessTokensFinder.new(finder_params(current_user), current_user).execute
present paginate(tokens), with: Entities::PersonalAccessToken
end
2023-01-13 00:05:48 +05:30
desc 'Get single personal access token' do
detail 'Get a personal access token by using the ID of the personal access token.'
success Entities::PersonalAccessToken
failure [
{ code: 401, message: 'Unauthorized' },
{ code: 404, message: 'Not found' }
]
end
2022-07-23 23:45:48 +05:30
get ':id' do
token = PersonalAccessToken.find_by_id(params[:id])
2022-08-27 11:52:29 +05:30
allowed = Ability.allowed?(current_user, :read_user_personal_access_tokens, token&.user)
if allowed
present token, with: Entities::PersonalAccessToken
else
# Only admins should be informed if the token doesn't exist
2022-10-11 01:57:18 +05:30
current_user.can_admin_all_resources? ? not_found! : unauthorized!
2022-08-27 11:52:29 +05:30
end
2022-07-23 23:45:48 +05:30
end
2023-01-13 00:05:48 +05:30
desc 'Revoke a personal access token' do
detail 'Revoke a personal access token by using the ID of the personal access token.'
success code: 204
failure [
{ code: 400, message: 'Bad Request' }
]
end
2021-01-29 00:20:46 +05:30
delete ':id' do
2022-07-16 23:28:13 +05:30
token = find_token(params[:id])
2021-01-29 00:20:46 +05:30
2022-07-16 23:28:13 +05:30
revoke_token(token)
2021-01-29 00:20:46 +05:30
end
end
end
end