Auth for API

2012-09-10 09:06:11 +03:00 · 2012-09-10 09:06:11 +03:00 · b565f33472
commit b565f33472
parent 80685596d3
4 changed files with 27 additions and 0 deletions
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@ -21,5 +21,21 @@ module Gitlab
    def authenticate!
      error!({'message' => '401 Unauthorized'}, 401) unless current_user
    end
+
+    def authorize! action, subject
+      unless abilities.allowed?(current_user, action, subject)
+        error!({'message' => '403 Forbidden'}, 403)
+      end
+    end
+
+    private 
+
+    def abilities
+      @abilities ||= begin
+                       abilities = Six.new
+                       abilities << Ability
+                       abilities
+                     end
+    end
  end
 end