gitlab-org--gitlab-foss/lib/api/scope.rb

# Encapsulate a scope used for authorization, such as `api`, or `read_user`
module API
  class Scope
    attr_reader :name, :if

    def initialize(name, options = {})
      @name = name.to_sym
      @if = options[:if]
    end

    # Are the `scopes` passed in sufficient to adequately authorize the passed
    # request for the scope represented by the current instance of this class?
    def sufficient?(scopes, request)
      scopes.include?(self.name) && verify_if_condition(request)
    end

    private

    def verify_if_condition(request)
      self.if.nil? || self.if.call(request)
    end
  end
end
Extract a `Gitlab::Scope` class. - To represent an authorization scope, such as `api` or `read_user` - This is a better abstraction than the hash we were previously using. 2017-06-28 03:12:23 -04:00			# Encapsulate a scope used for authorization, such as `api`, or `read_user`
			`module API`
			`class Scope`
			`attr_reader :name, :if`

			`def initialize(name, options = {})`
			`@name = name.to_sym`
			`@if = options[:if]`
			`end`

			# Are the `scopes` passed in sufficient to adequately authorize the passed
			`# request for the scope represented by the current instance of this class?`
			`def sufficient?(scopes, request)`
`AccessTokenValidationService` accepts `String` or `API::Scope` scopes. - There's no need to use `API::Scope` for scopes that don't have `if` conditions, such as in `lib/gitlab/auth.rb`. 2017-06-30 03:32:25 -04:00			`scopes.include?(self.name) && verify_if_condition(request)`
Extract a `Gitlab::Scope` class. - To represent an authorization scope, such as `api` or `read_user` - This is a better abstraction than the hash we were previously using. 2017-06-28 03:12:23 -04:00			`end`

			`private`

			`def verify_if_condition(request)`
			`self.if.nil? \|\| self.if.call(request)`
			`end`
			`end`
			`end`