mirror of
https://github.com/discourse/discourse.git
synced 2024-12-05 09:04:01 +08:00
f4f5524190
previously we supported blanket read and write for user API, this change amends it so we can define more limited scopes. A scope only covers a few routes. You can not grant access to part of the site and leave a large amount of the information hidden to API consumer.
8 lines
178 B
Ruby
8 lines
178 B
Ruby
Fabricator(:readonly_user_api_key, from: :user_api_key) do
|
|
user
|
|
scopes ['read']
|
|
client_id { SecureRandom.hex }
|
|
key { SecureRandom.hex }
|
|
application_name 'some app'
|
|
end
|