X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/442e5c6553061ef1bbb8d9194bb5b8d9cdb68545..f82e5b3b99808ca1b95b9cc55655dd885d5e491f:/services/api/app/models/api_client_authorization.rb

diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 38a90d5c13..82dd0ec2b6 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -20,8 +20,7 @@ class ApiClientAuthorization < ArvadosModel
     t.add :scopes
   end
 
-  UNLOGGED_ATTRIBUTES = ['last_used_at', 'last_used_by_ip_address',
-                         'updated_at']
+  UNLOGGED_CHANGES = ['last_used_at', 'last_used_by_ip_address', 'updated_at']
 
   def assign_random_api_token
     self.api_token ||= rand(2**256).to_s(36)
@@ -63,6 +62,24 @@ class ApiClientAuthorization < ArvadosModel
   end
   def modified_at=(x) end
 
+  def scopes_allow?(req_s)
+    scopes.each do |scope|
+      return true if (scope == 'all') or (scope == req_s) or
+        ((scope.end_with? '/') and (req_s.start_with? scope))
+    end
+    false
+  end
+
+  def scopes_allow_request?(request)
+    scopes_allow? [request.request_method, request.path].join(' ')
+  end
+
+  def logged_attributes
+    attrs = attributes.dup
+    attrs.delete('api_token')
+    attrs
+  end
+
   protected
 
   def permission_to_create
@@ -76,6 +93,6 @@ class ApiClientAuthorization < ArvadosModel
   end
 
   def log_update
-    super unless (changed - UNLOGGED_ATTRIBUTES).empty?
+    super unless (changed - UNLOGGED_CHANGES).empty?
   end
 end