Support authenticating in RBTools with API tokens.
Review Request #6237 — Created Aug. 16, 2014 and submitted — Latest diff uploaded
Review Board 2.1+ supports authenticating using API tokens. This change
adds a new--api-token=
parameter for commands to make use of these when
authenticating.Since authentication happens before accessing resources, we can't really
check for a capability before deciding whether or not to allow a user to
pass a token. Passing a token to a server that doesn't support it is
harmless, though.
Tested this with different policies, including Full Access, Read-Only, and
custom policies. I usedrbt api-get
,rbt post
,rbt close
,rbt status
,
andrbt diff
.I tried posting this change using a read-only API token, and got an error about
not having permission. I then tried with my full access token, and it succeeded.