Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated frame.context to use req.api_key #9965

Merged
merged 3 commits into from
Oct 9, 2018
Merged

Updated frame.context to use req.api_key #9965

merged 3 commits into from
Oct 9, 2018

Conversation

allouis
Copy link
Contributor

@allouis allouis commented Oct 9, 2018

refs #9865

This is split out from #9869 to make it easier to review

It adds the id of req.api_key, if it exists to the context object. This is necessary so that controllers can verify permissions of api_keys.

It also removes the client and client_id parts of the context object - as they are not used past v0.1

@allouis allouis changed the title Api key context Updated frame.context to use req.api_key Oct 9, 2018
@allouis
Added api_key to frame.context
313493c 
refs #9865

This is to allow controllers to check permissions using api_key data.
@allouis
Removed client and client_id from frame.context
7e2e41e 
refs #9865

This is unused as we only support oauth on v0.1 API.
kirrg001
kirrg001 reviewed Oct 9, 2018
View reviewed changes
core/server/api/shared/http.js Outdated
user: ((req.user && req.user.id) || (req.user && models.User.isExternalUser(req.user.id))) ? req.user.id : null,
client: (req.client && req.client.slug) ? req.client.slug : null,
client_id: (req.client && req.client.id) ? req.client.id : null
api_key: (req.api_key && req.api_key.id) ? req.api_key.id : null,

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

kirrg001
kirrg001 approved these changes Oct 9, 2018
View reviewed changes
Copy link
Contributor

@kirrg001 kirrg001 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FFTSM 👍

@allouis allouis merged commit 1b9aa25 into TryGhost:master Oct 9, 2018
@allouis allouis deleted the api_key-context branch October 9, 2018 11:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kirrg001 kirrg001 kirrg001 approved these changes

Assignees

@kirrg001 kirrg001

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@allouis @kirrg001 @kevinansfield