DEV: Check for authorization based on token

This commit is contained in:
Peter Bouda 2024-10-08 10:39:50 +01:00
parent 6b4e0e6faa
commit 8d9d55b861
2 changed files with 18 additions and 1 deletions

View file

@ -3,7 +3,12 @@
Rails.application.config.to_prepare do Rails.application.config.to_prepare do
Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({ Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
token_authenticator: Proc.new do | token, options | token_authenticator: Proc.new do | token, options |
true api_key = ApiKey.active.with_key(token).first
allowed = false
if api_key
allowed = api_key.api_key_scopes.any? { |s| s.resource == "scim" || s.action == "access_scim_endpoints" }
end
allowed
end end
}) })
end end

View file

@ -20,6 +20,18 @@ require "scimitar"
enabled_site_setting :scim_enabled enabled_site_setting :scim_enabled
add_api_key_scope(
:scim,
{
access_scim_endpoints: {
actions: %w[scim_v2/users#index scim_v2/users#show scim_v2/users#create
scim_v2/users#replace scim_v2/users#update scim_v2/users#destroy
scim_v2/groups#index scim_v2/groups#show scim_v2/groups#create
scim_v2/groups#update],
},
},
)
module ::DiscourseScimPlugin module ::DiscourseScimPlugin
PLUGIN_NAME = "scim" PLUGIN_NAME = "scim"