kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Update code based on feedback

Browse source
This commit is contained in:
James Lopez 2018-12-04 15:32:06 +01:00
parent 046226717c
commit 3223f7b05b
No known key found for this signature in database
GPG key ID: 756BF8E9D7C0CF39
3 changed files with 22 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/unreleased/54826-use-read_repository-scope-on-read-only-files-endpoints.yml
View file

@ -1,5 +1,5 @@
---
title: Use read_repository scope on read-only files API
merge_request:
merge_request: 23534
author:
type: fixed

8
doc/api/repository_files.md
View file

@ -4,18 +4,16 @@
**Create, read, update and delete repository files using this API**
The different scopes available using [personal access tokens][personal-access-tokens] are depicted
The different scopes available using [personal access tokens](../user/profile/personal_access_tokens.md) are depicted
in the following table.
| Scope | Description |
| ----- | ----------- |
| `read_repository` | Allows read-access to the repository files |
| `api` | Allows read-write access to the repository files |
| `read_repository` | Allows read-access to the repository files. |
| `api` | Allows read-write access to the repository files. |
> `read_repository` scope was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/23534) in GitLab 11.5.3.
[personal-access-tokens]: ../user/profile/personal_access_tokens.md
## Get file from repository
Allows you to receive information about file in repository like name, size,

18
spec/requests/api/files_spec.rb
View file

@ -391,6 +391,24 @@ describe API::Files do
expect(response).to have_gitlab_http_status(400)
end
context 'with PATs' do
it 'returns 403 with `read_repository` scope' do
token = create(:personal_access_token, scopes: ['read_repository'], user: user)
post api(route(file_path), personal_access_token: token), params
expect(response).to have_gitlab_http_status(403)
end
it 'returns 201 with `api` scope' do
token = create(:personal_access_token, scopes: ['api'], user: user)
post api(route(file_path), personal_access_token: token), params
expect(response).to have_gitlab_http_status(201)
end
end
context "when specifying an author" do
it "creates a new file with the specified author" do
params.merge!(author_email: author_email, author_name: author_name)