2 files changed, 68 insertions, 6 deletions

diff --git a/models/oauth2_application.go b/models/oauth2_application.go
index dd80a79b48..1e69dd6430 100644
--- a/models/oauth2_application.go
+++ b/models/oauth2_application.go
@@ -340,12 +340,13 @@ func getOAuth2AuthorizationByCode(e Engine, code string) (auth *OAuth2Authorizat
 
 // OAuth2Grant represents the permission of an user for a specifc application to access resources
 type OAuth2Grant struct {
-	ID            int64          `xorm:"pk autoincr"`
-	UserID        int64          `xorm:"INDEX unique(user_application)"`
-	ApplicationID int64          `xorm:"INDEX unique(user_application)"`
-	Counter       int64          `xorm:"NOT NULL DEFAULT 1"`
-	CreatedUnix   util.TimeStamp `xorm:"created"`
-	UpdatedUnix   util.TimeStamp `xorm:"updated"`
+	ID            int64              `xorm:"pk autoincr"`
+	UserID        int64              `xorm:"INDEX unique(user_application)"`
+	Application   *OAuth2Application `xorm:"-"`
+	ApplicationID int64              `xorm:"INDEX unique(user_application)"`
+	Counter       int64              `xorm:"NOT NULL DEFAULT 1"`
+	CreatedUnix   util.TimeStamp     `xorm:"created"`
+	UpdatedUnix   util.TimeStamp     `xorm:"updated"`
 }
 
 // TableName sets the table name to `oauth2_grant`
@@ -410,6 +411,48 @@ func getOAuth2GrantByID(e Engine, id int64) (grant *OAuth2Grant, err error) {
 	return
 }
 
+// GetOAuth2GrantsByUserID lists all grants of a certain user
+func GetOAuth2GrantsByUserID(uid int64) ([]*OAuth2Grant, error) {
+	return getOAuth2GrantsByUserID(x, uid)
+}
+
+func getOAuth2GrantsByUserID(e Engine, uid int64) ([]*OAuth2Grant, error) {
+	type joinedOAuth2Grant struct {
+		Grant       *OAuth2Grant       `xorm:"extends"`
+		Application *OAuth2Application `xorm:"extends"`
+	}
+	var results *xorm.Rows
+	var err error
+	if results, err = e.
+		Table("oauth2_grant").
+		Where("user_id = ?", uid).
+		Join("INNER", "oauth2_application", "application_id = oauth2_application.id").
+		Rows(new(joinedOAuth2Grant)); err != nil {
+		return nil, err
+	}
+	defer results.Close()
+	grants := make([]*OAuth2Grant, 0)
+	for results.Next() {
+		joinedGrant := new(joinedOAuth2Grant)
+		if err := results.Scan(joinedGrant); err != nil {
+			return nil, err
+		}
+		joinedGrant.Grant.Application = joinedGrant.Application
+		grants = append(grants, joinedGrant.Grant)
+	}
+	return grants, nil
+}
+
+// RevokeOAuth2Grant deletes the grant with grantID and userID
+func RevokeOAuth2Grant(grantID, userID int64) error {
+	return revokeOAuth2Grant(x, grantID, userID)
+}
+
+func revokeOAuth2Grant(e Engine, grantID, userID int64) error {
+	_, err := e.Delete(&OAuth2Grant{ID: grantID, UserID: userID})
+	return err
+}
+
 //////////////////////////////////////////////////////////////
 
 // OAuth2TokenType represents the type of token for an oauth application
diff --git a/models/oauth2_application_test.go b/models/oauth2_application_test.go
index b06d9356c0..3afdf50f53 100644
--- a/models/oauth2_application_test.go
+++ b/models/oauth2_application_test.go
@@ -135,6 +135,25 @@ func TestOAuth2Grant_TableName(t *testing.T) {
 	assert.Equal(t, "oauth2_grant", new(OAuth2Grant).TableName())
 }
 
+func TestGetOAuth2GrantsByUserID(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+	result, err := GetOAuth2GrantsByUserID(1)
+	assert.NoError(t, err)
+	assert.Len(t, result, 1)
+	assert.Equal(t, int64(1), result[0].ID)
+	assert.Equal(t, result[0].ApplicationID, result[0].Application.ID)
+
+	result, err = GetOAuth2GrantsByUserID(34134)
+	assert.NoError(t, err)
+	assert.Empty(t, result)
+}
+
+func TestRevokeOAuth2Grant(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+	assert.NoError(t, RevokeOAuth2Grant(1, 1))
+	AssertNotExistsBean(t, &OAuth2Grant{ID: 1, UserID: 1})
+}
+
 //////////////////// Authorization Code
 
 func TestGetOAuth2AuthorizationByCode(t *testing.T) {