Allow endpoints to define security requirements (#492)

tomregelink · peter scholz · commit 463b289c5167 · 2016-08-22T18:11:10.000+02:00
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
@@ -28,7 +28,7 @@ Metrics/AbcSize:
 # Offense count: 3
 # Configuration parameters: CountComments.
 Metrics/ClassLength:
-  Max: 226
+  Max: 231
 
 # Offense count: 10
 Metrics/CyclomaticComplexity:
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 #### Features
 
+* [#492](https://github.com/ruby-grape/grape/pull/492): Define security requirements on endpoint methods - [@tomregelink](https://github.com/tomregelink).
 * Your contribution here.
 
 #### Fixes
diff --git a/lib/grape-swagger/endpoint.rb b/lib/grape-swagger/endpoint.rb
@@ -108,6 +108,7 @@ def method_object(route, options, path)
       method[:produces]    = produces_object(route, options[:produces] || options[:format])
       method[:consumes]    = consumes_object(route, options[:format])
       method[:parameters]  = params_object(route)
+      method[:security]    = security_object(route)
       method[:responses]   = response_object(route, options[:markdown])
       method[:tags]        = tag_object(route)
       method[:operationId] = GrapeSwagger::DocMethods::OperationId.build(route, path)
@@ -116,6 +117,10 @@ def method_object(route, options, path)
       [route.request_method.downcase.to_sym, method]
     end
 
+    def security_object(route)
+      route.options[:security] if route.options.key?(:security)
+    end
+
     def summary_object(route)
       summary = route.options[:desc] if route.options.key?(:desc)
       summary = route.description if route.description.present?
diff --git a/spec/swagger_v2/security_requirement_spec.rb b/spec/swagger_v2/security_requirement_spec.rb
@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe 'security requirement on endpoint method' do
+  def app
+    Class.new(Grape::API) do
+      desc 'Endpoint with security requirement', security: [oauth_pets: ['read:pets', 'write:pets']]
+      get '/with_security' do
+        { foo: 'bar' }
+      end
+
+      add_swagger_documentation
+    end
+  end
+
+  subject do
+    get '/swagger_doc.json'
+    JSON.parse(last_response.body)
+  end
+
+  it 'defines the security requirement on the endpoint method' do
+    expect(subject['paths']['/with_security']['get']['security']).to eql ['oauth_pets' => ['read:pets', 'write:pets']]
+  end
+end
