Add before_hook to bodied to allow to pre-authorize permissions

pull/9686/head
Oliver Günther 3 years ago
parent 992ef042ef
commit 07be595f4f
No known key found for this signature in database
GPG Key ID: A3A8BDAD7C0C552C
  1. 6
      lib/api/utilities/endpoints/bodied.rb
  2. 18
      lib/api/v3/attachments/attachments_by_container_api.rb

@ -58,6 +58,7 @@ module API
params_modifier: default_params_modifier,
params_source: default_params_source,
process_state: default_process_state,
before_hook: nil,
parse_representer: nil,
render_representer: nil,
process_service: nil,
@ -74,12 +75,14 @@ module API
self.process_contract = process_contract || deduce_process_contract
self.process_service = process_service || deduce_process_service
self.parse_service = parse_service || deduce_parse_service
self.before_hook = before_hook
end
def mount
update = self
-> do
update.before_hook&.(request: self)
params = update.parse(self)
call = update.process(self, params)
@ -134,7 +137,8 @@ module API
:process_contract,
:process_service,
:parse_service,
:process_state
:process_state,
:before_hook
private
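Review bot: In `mount`, the result of `update.before_hook&.(request: self)` is discarded, so a hook can only reject a request by raising; a hook that returns `false` or `nil` still lets `parse` and `process` run. That contract is not stated in the visible lines. The keyword is also named `request:` although the value passed is the `self` the lambda is evaluated with, presumably the endpoint context, since `update = self` is captured separately. I would document this at the `before_hook: nil` keyword, e.g. `# before_hook: callable invoked as hook.(request: endpoint) before the body is parsed; must raise to deny, return value is ignored`. The initializer and `mount` both continue outside the hunks shown.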

@ -53,15 +53,15 @@ module API
def restrict_permissions(permissions)
authorize_any(permissions, projects: container.project) unless permissions.empty?
end
end
def parse_multipart(request)
def self.parse_multipart(request)
request.params.tap do |params|
params[:metadata] = JSON.parse(params[:metadata]) if params.key?(:metadata)
end
rescue JSON::ParserError
raise ::API::Errors::InvalidRequestBody.new(I18n.t('api_v3.errors.invalid_json'))
end
end
def self.read
-> do
@ -73,31 +73,26 @@ module API
end
def self.create(permissions = [])
-> do
restrict_permissions permissions
instance_exec &::API::V3::Utilities::Endpoints::Create
::API::V3::Utilities::Endpoints::Create
.new(model: ::Attachment,
parse_representer: AttachmentParsingRepresenter,
params_source: method(:parse_multipart),
before_hook: ->(request:) { request.restrict_permissions(permissions) },
params_modifier: ->(params) do
params.merge(container: container)
end)
.mount
end
end
def self.prepare(permissions = [])
-> do
restrict_permissions permissions
instance_exec &::API::V3::Utilities::Endpoints::Create
::API::V3::Utilities::Endpoints::Create
.new(model: ::Attachment,
parse_representer: AttachmentParsingRepresenter,
render_representer: AttachmentUploadRepresenter,
process_service: ::Attachments::PrepareUploadService,
process_contract: ::Attachments::PrepareUploadContract,
params_source: method(:parse_multipart),
before_hook: ->(request:) { request.restrict_permissions(permissions) },
params_modifier: ->(params) do
params.merge(container: container)
end)
@ -107,4 +102,3 @@ module API
end
end
end
end
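Review bot: The new `before_hook: ->(request:) { request.restrict_permissions(permissions) }` in `create` and `prepare` performs no check when `permissions` is empty, because `restrict_permissions` calls `authorize_any` only `unless permissions.empty?` and both methods default to `permissions = []`. A caller that mounts these endpoints without arguments therefore gets no pre-authorization, and access control then rests on whatever the contract or service enforces, which is not visible here. If that is intended, state it above each method, e.g. `# With permissions = [] the before_hook is a no-op; authorization is left to the contract`; otherwise make the argument required. Separately, `parse_multipart` rescues only `JSON::ParserError`, so a `metadata` value that is not a String would raise `TypeError` from `JSON.parse` rather than `InvalidRequestBody`; `rescue JSON::ParserError, TypeError` would cover it.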
