FEATURE: allow user api key revocation for read only keys

Sam
2016-09-02 16:57:41 +10:00
parent df8d24734a
commit be0fd5b4cc
4 changed files with 48 additions and 3 deletions


@ -90,7 +90,16 @@ class UserApiKeysController < ApplicationController
end
def revoke
find_key.update_columns(revoked_at: Time.zone.now)
revoke_key = find_key
if current_key = request.env['HTTP_USER_API_KEY']
request_key = UserApiKey.find_by(key: current_key)
if request_key && request_key.id != revoke_key.id && !request_key.write
raise Discourse::InvalidAccess
end
end
revoke_key.update_columns(revoked_at: Time.zone.now)
render json: success_json
end
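Review bot: In `revoke`, the guard `if request_key && request_key.id != revoke_key.id && !request_key.write` fails open: when the `HTTP_USER_API_KEY` header is present but `UserApiKey.find_by(key: current_key)` returns nil, the check is skipped and `revoke_key.update_columns(revoked_at: Time.zone.now)` still runs. Whether an earlier authentication step already rejects unknown keys is not visible in this hunk; if it does not, deny by default with `raise Discourse::InvalidAccess if request_key.nil? || (request_key.id != revoke_key.id && !request_key.write)`. The rule also depends on `find_key` returning only keys owned by the current user, which is defined outside the hunk and worth confirming. A comment above the check such as `# a read-only key may revoke only itself; a write key may revoke any key find_key returns` would record the intended policy.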