Ensure Current.organization is always set for Grape API
In Rails controllers, we have a before_action that calls set_current_organization.
The result: Current.organization is available and valid in all controllers that have ApplicationController as a parent class.
We will need current_user because, if the API user does not supply an organization, we need to derive the organization from the current_user object (using the API token).
We want a similar implementation for Grape API. But this is not trivial, see this MR. Currently, we explicitly call set_current_organization in the Grape API's that need it. But that is a lot of duplication.
I expected that we could ignore this problem because I expected that we would never need current_user to determine an Organization but I expect we do need it (unless we ask all our API users to explicitly supply an organization_id in each API call)
The summary is:
- In Rails context,
current_userreturns a user ORnil - In Grape context,
current_userreturns a user OR renders anUnauthorizedHTTP header - In Grape context, some controllers don't even use
current_userbut have their own custom authentication- Example:
API::Scim::InstanceScim - Example:
API::Ci::Runner(using runner token)
- Example:
I expect that we need to refactor the authentication logic in Grape API
Definition of Done
This issue can be closed if:
- All API classes have
Current.organizationset, without any change to the API class itself - The explicit calls to
set_current_organization(for example, in API::Projects) have been removed