2020-09-29 04:57:48 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
class UserApiKeyScope < ActiveRecord::Base
|
2020-10-06 11:20:15 -05:00
|
|
|
SCOPES = {
|
2023-01-09 06:20:10 -06:00
|
|
|
read: [RouteMatcher.new(methods: :get)],
|
|
|
|
write: [RouteMatcher.new(methods: %i[get post patch put delete])],
|
|
|
|
message_bus: [RouteMatcher.new(methods: :post, actions: "message_bus")],
|
2020-10-06 11:20:15 -05:00
|
|
|
push: [],
|
|
|
|
one_time_password: [],
|
|
|
|
notifications: [
|
2023-01-09 06:20:10 -06:00
|
|
|
RouteMatcher.new(methods: :post, actions: "message_bus"),
|
|
|
|
RouteMatcher.new(methods: :get, actions: "notifications#index"),
|
2024-03-15 15:06:32 -05:00
|
|
|
RouteMatcher.new(methods: :get, actions: "notifications#totals"),
|
2023-01-09 06:20:10 -06:00
|
|
|
RouteMatcher.new(methods: :put, actions: "notifications#mark_read"),
|
2020-10-06 11:20:15 -05:00
|
|
|
],
|
2020-10-21 13:44:34 -05:00
|
|
|
session_info: [
|
2023-01-09 06:20:10 -06:00
|
|
|
RouteMatcher.new(methods: :get, actions: "session#current"),
|
|
|
|
RouteMatcher.new(methods: :get, actions: "users#topic_tracking_state"),
|
|
|
|
],
|
|
|
|
bookmarks_calendar: [
|
|
|
|
RouteMatcher.new(
|
|
|
|
methods: :get,
|
|
|
|
actions: "users#bookmarks",
|
|
|
|
formats: :ics,
|
|
|
|
params: %i[username],
|
|
|
|
),
|
2020-10-21 13:44:34 -05:00
|
|
|
],
|
2022-12-05 16:56:03 -06:00
|
|
|
user_status: [
|
2023-01-09 06:20:10 -06:00
|
|
|
RouteMatcher.new(methods: :get, actions: "user_status#get"),
|
|
|
|
RouteMatcher.new(methods: :put, actions: "user_status#set"),
|
|
|
|
RouteMatcher.new(methods: :delete, actions: "user_status#clear"),
|
|
|
|
],
|
2020-10-06 11:20:15 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
def self.all_scopes
|
2020-10-09 08:52:48 -05:00
|
|
|
scopes = SCOPES
|
|
|
|
DiscoursePluginRegistry.user_api_key_scope_mappings.each do |mapping|
|
|
|
|
scopes = scopes.merge!(mapping)
|
|
|
|
end
|
|
|
|
scopes
|
2020-10-06 11:20:15 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def permits?(env)
|
2020-10-08 11:38:54 -05:00
|
|
|
matchers.any? { |m| m.with_allowed_param_values(allowed_parameters).match?(env: env) }
|
2020-10-06 11:20:15 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def matchers
|
|
|
|
@matchers ||= Array(self.class.all_scopes[name.to_sym])
|
|
|
|
end
|
2020-09-29 04:57:48 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
# == Schema Information
|
|
|
|
#
|
|
|
|
# Table name: user_api_key_scopes
|
|
|
|
#
|
2020-10-08 11:38:54 -05:00
|
|
|
# id :bigint not null, primary key
|
|
|
|
# user_api_key_id :integer not null
|
|
|
|
# name :string not null
|
|
|
|
# created_at :datetime not null
|
|
|
|
# updated_at :datetime not null
|
|
|
|
# allowed_parameters :jsonb
|
2020-09-29 04:57:48 -05:00
|
|
|
#
|
|
|
|
# Indexes
|
|
|
|
#
|
|
|
|
# index_user_api_key_scopes_on_user_api_key_id (user_api_key_id)
|
|
|
|
#
|