antek-drzewiecki / wine_bouncer

A Ruby gem that allows OAuth2 protection with Doorkeeper for Grape APIs
MIT License

admin scope doesn't analyze user's role #63

Open texpert opened 8 years ago

texpert commented 8 years ago

When setting oauth2 'admin' scope, only the access_token scope is analyzed, returning error if the 'admin' scope is missing.

It would be better to also analyze the user's role. Didn't quite get how to use Doorkeeper's admin_authenticator option from the initializer, so I just changed your method like this and it works:

    def valid_doorkeeper_token?(*scopes)
      doorkeeper_token &&
        doorkeeper_token.accessible? &&
        (doorkeeper_token.includes_scope?(*scopes) ||
          User.find(doorkeeper_token.resource_owner_id).admin?)
    end
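The three ways the token scope and the user's role can be combined (scope only, the scope-or-role variant posted above, and requiring both), as an added example that is not part of the issue or of wine_bouncer. `Token`, `User`, `USERS` and the helper names are hypothetical stand-ins, and `includes_scope?` is assumed to match when any required scope is present.

```ruby
# Added example: stand-in objects, not Doorkeeper or wine_bouncer classes.
Token = Struct.new(:scopes, :resource_owner_id, :expired) do
  def accessible?
    !expired
  end

  # Assumption: true when no scope is required or any required scope is held.
  def includes_scope?(*required)
    required.empty? || required.any? { |s| scopes.include?(s.to_s) }
  end
end

User = Struct.new(:id, :admin) do
  def admin?
    admin
  end
end

# Constructed sample users, keyed by id.
USERS = { 1 => User.new(1, true), 2 => User.new(2, false) }.freeze

# Scope only: the behaviour the issue describes as current.
def scope_only?(token, *scopes)
  !token.nil? && token.accessible? && token.includes_scope?(*scopes)
end

# Scope OR role: the variant posted in the issue.
def scope_or_role?(token, *scopes)
  return false if token.nil? || !token.accessible?
  owner = USERS[token.resource_owner_id]
  token.includes_scope?(*scopes) || (!owner.nil? && owner.admin?)
end

# Scope AND role: the token must carry the scope and its owner must be admin.
def scope_and_role?(token, *scopes)
  owner = token && USERS[token.resource_owner_id]
  scope_only?(token, *scopes) && !owner.nil? && owner.admin?
end

def decisions(token, *scopes)
  { scope_only: scope_only?(token, *scopes),
    scope_or_role: scope_or_role?(token, *scopes),
    scope_and_role: scope_and_role?(token, *scopes) }
end

# Constructed tokens.
ADMIN_PUBLIC_TOKEN = Token.new(%w[public], 1, false) # admin owner, narrow scope
USER_ADMIN_TOKEN = Token.new(%w[admin], 2, false)    # non-admin owner, admin scope
```

With the or-variant, a token that carries only `public` is accepted on an `admin`-scoped endpoint whenever its owner is an admin, so the scope granted to the client no longer limits what that token can do.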

texpert commented 8 years ago

Made a PR using Doorkeeper's authenticate_admin - https://github.com/antek-drzewiecki/wine_bouncer/pull/64

antek-drzewiecki commented 8 years ago

I'll look into it today! :) Thanks for the PR