DEV: Check for authorization based on token

2024-10-08 10:39:50 +01:00 · 2024-10-08 10:39:50 +01:00 · 8d9d55b861
commit 8d9d55b861
parent 6b4e0e6faa
2 changed files with 18 additions and 1 deletions
--- a/config/initializers/scimitar.rb
+++ b/config/initializers/scimitar.rb
@ -3,7 +3,12 @@
 Rails.application.config.to_prepare do
  Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
    token_authenticator: Proc.new do | token, options |
-      true
+      api_key = ApiKey.active.with_key(token).first
+      allowed = false
+      if api_key
+        allowed = api_key.api_key_scopes.any? { |s| s.resource == "scim" || s.action == "access_scim_endpoints" }
+      end
+      allowed
    end
  })
 end
--- a/plugin.rb
+++ b/plugin.rb
@ -20,6 +20,18 @@ require "scimitar"

 enabled_site_setting :scim_enabled

+add_api_key_scope(
+    :scim,
+    {
+      access_scim_endpoints: {
+        actions: %w[scim_v2/users#index scim_v2/users#show scim_v2/users#create
+          scim_v2/users#replace scim_v2/users#update scim_v2/users#destroy
+          scim_v2/groups#index scim_v2/groups#show scim_v2/groups#create
+          scim_v2/groups#update],
+      },
+    },
+  )
+
 module ::DiscourseScimPlugin
  PLUGIN_NAME = "scim"