Change authorized applications page (#17656)

* Change authorized applications page * Hide revoke button for superapps and suspended accounts * Clean up db/schema.rb
2022-03-01 16:48:58 +01:00 · 2022-03-01 16:48:58 +01:00 · 50ea54b3ed
commit 50ea54b3ed
parent 233f7e6174
20 changed files with 393 additions and 62 deletions
--- a/app/lib/access_token_extension.rb
+++ b/app/lib/access_token_extension.rb
@ -11,6 +11,10 @@ module AccessTokenExtension
    update(revoked_at: clock.now.utc)
  end

+  def update_last_used(request, clock = Time)
+    update(last_used_at: clock.now.utc, last_used_ip: request.remote_ip)
+  end
+
  def push_to_streaming_api
    Redis.current.publish("timeline:access_token:#{id}", Oj.dump(event: :kill)) if revoked? || destroyed?
  end
--- a/app/lib/application_extension.rb
+++ b/app/lib/application_extension.rb
@ -8,4 +8,8 @@ module ApplicationExtension
    validates :website, url: true, length: { maximum: 2_000 }, if: :website?
    validates :redirect_uri, length: { maximum: 2_000 }
  end
+
+  def most_recently_used_access_token
+    @most_recently_used_access_token ||= access_tokens.where.not(last_used_at: nil).order(last_used_at: :desc).first
+  end
 end
--- a/app/lib/scope_parser.rb
+++ b/app/lib/scope_parser.rb
@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class ScopeParser < Parslet::Parser
+  rule(:term)      { match('[a-z]').repeat(1).as(:term) }
+  rule(:colon)     { str(':') }
+  rule(:access)    { (str('write') | str('read')).as(:access) }
+  rule(:namespace) { str('admin').as(:namespace) }
+  rule(:scope)     { ((namespace >> colon).maybe >> ((access >> colon >> term) | access | term)).as(:scope) }
+  root(:scope)
+end
--- a/app/lib/scope_transformer.rb
+++ b/app/lib/scope_transformer.rb
@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+class ScopeTransformer < Parslet::Transform
+  class Scope
+    DEFAULT_TERM   = 'all'
+    DEFAULT_ACCESS = %w(read write).freeze
+
+    attr_reader :namespace, :term
+
+    def initialize(scope)
+      @namespace = scope[:namespace]&.to_s
+      @access    = scope[:access] ? [scope[:access].to_s] : DEFAULT_ACCESS.dup
+      @term      = scope[:term]&.to_s || DEFAULT_TERM
+    end
+
+    def key
+      @key ||= [@namespace, @term].compact.join('/')
+    end
+
+    def access
+      @access.join('/')
+    end
+
+    def merge(other_scope)
+      clone.merge!(other_scope)
+    end
+
+    def merge!(other_scope)
+      raise ArgumentError unless other_scope.namespace == namespace && other_scope.term == term
+
+      @access.concat(other_scope.instance_variable_get('@access'))
+      @access.uniq!
+      @access.sort!
+
+      self
+    end
+  end
+
+  rule(scope: subtree(:scope)) { Scope.new(scope) }
+end