Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
3223f7b0
Commit
3223f7b0
authored
Dec 04, 2018
by
James Lopez
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update code based on feedback
parent
04622671
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
22 additions
and
6 deletions
+22
-6
changelogs/unreleased/54826-use-read_repository-scope-on-read-only-files-endpoints.yml
...se-read_repository-scope-on-read-only-files-endpoints.yml
+1
-1
doc/api/repository_files.md
doc/api/repository_files.md
+3
-5
spec/requests/api/files_spec.rb
spec/requests/api/files_spec.rb
+18
-0
No files found.
changelogs/unreleased/54826-use-read_repository-scope-on-read-only-files-endpoints.yml
View file @
3223f7b0
---
title
:
Use read_repository scope on read-only files API
merge_request
:
merge_request
:
23534
author
:
type
:
fixed
doc/api/repository_files.md
View file @
3223f7b0
...
...
@@ -4,18 +4,16 @@
**Create, read, update and delete repository files using this API**
The different scopes available using
[
personal access tokens
]
[
personal-access-tokens
]
are depicted
The different scopes available using
[
personal access tokens
]
(
../user/profile/personal_access_tokens.md
)
are depicted
in the following table.
| Scope | Description |
| ----- | ----------- |
|
`read_repository`
| Allows read-access to the repository files |
|
`api`
| Allows read-write access to the repository files |
|
`read_repository`
| Allows read-access to the repository files
.
|
|
`api`
| Allows read-write access to the repository files
.
|
> `read_repository` scope was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/23534) in GitLab 11.5.3.
[
personal-access-tokens
]:
../user/profile/personal_access_tokens.md
## Get file from repository
Allows you to receive information about file in repository like name, size,
...
...
spec/requests/api/files_spec.rb
View file @
3223f7b0
...
...
@@ -391,6 +391,24 @@ describe API::Files do
expect
(
response
).
to
have_gitlab_http_status
(
400
)
end
context
'with PATs'
do
it
'returns 403 with `read_repository` scope'
do
token
=
create
(
:personal_access_token
,
scopes:
[
'read_repository'
],
user:
user
)
post
api
(
route
(
file_path
),
personal_access_token:
token
),
params
expect
(
response
).
to
have_gitlab_http_status
(
403
)
end
it
'returns 201 with `api` scope'
do
token
=
create
(
:personal_access_token
,
scopes:
[
'api'
],
user:
user
)
post
api
(
route
(
file_path
),
personal_access_token:
token
),
params
expect
(
response
).
to
have_gitlab_http_status
(
201
)
end
end
context
"when specifying an author"
do
it
"creates a new file with the specified author"
do
params
.
merge!
(
author_email:
author_email
,
author_name:
author_name
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment