Add permissions route setting to pipeline schedule rest api endpoints
What does this MR do and why?
- Adds authorization route setting to pipeline schedule REST API endpoints listed in #575295 (closed).
- This is part of a bigger epic, &18555, to add granular permissions to personal access tokens.
How to set up and validate locally
- In Rails console, create a personal access token with the necessary permissions
    # Enable feature flag
    Feature.enable(:authorize_granular_pats)
    user = User.first
    # Create a personal access token
    token = PersonalAccessTokens::CreateService.new(
      current_user: user,
      target_user: user,
      organization_id: user.organization_id,
      params: { expires_at: 1.month.from_now, scopes: ['granular'], granular: true, name: 'gPAT' }
    ).execute[:personal_access_token]
    # Get a project
    project = user.projects.first
    # Create a pipeline schedule
    Ci::PipelineSchedule.create(description: 'test', project: project, cron: '1 2 3 4 *', cron_timezone: 'UTC', ref: 'master')
    # Add permissions to the token
    project_scope = Authz::GranularScope.new(namespace: project.project_namespace, permissions: [:read_pipeline_schedule])
    Authz::GranularScopeService.new(token).add_granular_scopes(project_scope)
    # Get the token
    token.token
- Curl the endpoint with the token
    curl http://127.0.0.1:3000/api/v4/projects/<PROJECT_ID>/pipeline_schedules -X GET -H "PRIVATE-TOKEN: <TOKEN>"
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #575295 (closed)
Edited by Hinam Mehra