FIX: Allowed URLs for API scopes added by plugins (#15662)

This commit is contained in:
Osama Sayegh 2022-01-20 22:29:03 +03:00 committed by GitHub
parent 2dc0f36e07
commit 688be607c9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -101,7 +101,14 @@ class ApiKeyScope < ActiveRecord::Base
urls = [] urls = []
if actions.present? if actions.present?
Rails.application.routes.routes.each do |route| routes = Rails.application.routes.routes.to_a
Rails::Engine.descendants.each do |engine|
next if engine == Rails::Application # abstract engine, can't call routes on it
next if engine == Discourse::Application # equiv. to Rails.application
routes.concat(engine.routes.routes.to_a)
end
routes.each do |route|
defaults = route.defaults defaults = route.defaults
action = "#{defaults[:controller].to_s}##{defaults[:action]}" action = "#{defaults[:controller].to_s}##{defaults[:action]}"
path = route.path.spec.to_s.gsub(/\(\.:format\)/, '') path = route.path.spec.to_s.gsub(/\(\.:format\)/, '')