Introduce OAuth scopes for bookmarks

Thibaut Girka 2018-08-10 15:22:04 +02:00
parent 7d1dd59496
commit 90b492143d
6 changed files with 8 additions and 4 deletions


@ -1,7 +1,7 @@
# frozen_string_literal: true # frozen_string_literal: true
class Api::V1::BookmarksController < Api::BaseController class Api::V1::BookmarksController < Api::BaseController
before_action -> { doorkeeper_authorize! :read } before_action -> { doorkeeper_authorize! :read, :'read:bookmarks' }
before_action :require_user! before_action :require_user!
after_action :insert_pagination_headers after_action :insert_pagination_headers
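Review bot: The two scopes passed to `doorkeeper_authorize!` in the `before_action` are alternatives, not a conjunction: Doorkeeper accepts a token carrying any one of the listed scopes, so a token with only the broad `read` scope still reaches the bookmarks list. That is presumably intended for backward compatibility, but the line is easy to misread as "both required". I would add a comment above it, e.g. `# Either the broad :read scope or the granular :'read:bookmarks' scope is sufficient.` The same applies to `doorkeeper_authorize! :write, :'write:bookmarks'` in Api::V1::Statuses::BookmarksController. Both controller bodies continue outside the hunks.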


@ -3,7 +3,7 @@
class Api::V1::Statuses::BookmarksController < Api::BaseController class Api::V1::Statuses::BookmarksController < Api::BaseController
include Authorization include Authorization
before_action -> { doorkeeper_authorize! :write } before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
before_action :require_user! before_action :require_user!
respond_to :json respond_to :json


@ -58,6 +58,7 @@ Doorkeeper.configure do
optional_scopes :write, optional_scopes :write,
:'write:accounts', :'write:accounts',
:'write:blocks', :'write:blocks',
:'write:bookmarks',
:'write:favourites', :'write:favourites',
:'write:filters', :'write:filters',
:'write:follows', :'write:follows',
@ -70,6 +71,7 @@ Doorkeeper.configure do
:read, :read,
:'read:accounts', :'read:accounts',
:'read:blocks', :'read:blocks',
:'read:bookmarks',
:'read:favourites', :'read:favourites',
:'read:filters', :'read:filters',
:'read:follows', :'read:follows',


@ -119,6 +119,7 @@ en:
read: read all your account's data read: read all your account's data
read:accounts: see accounts information read:accounts: see accounts information
read:blocks: see your blocks read:blocks: see your blocks
read:bookmarks: see your bookmarks
read:favourites: see your favourites read:favourites: see your favourites
read:filters: see your filters read:filters: see your filters
read:follows: see your follows read:follows: see your follows
@ -131,6 +132,7 @@ en:
write: modify all your account's data write: modify all your account's data
write:accounts: modify your profile write:accounts: modify your profile
write:blocks: block accounts and domains write:blocks: block accounts and domains
write:bookmarks: bookmark statuses
write:favourites: favourite statuses write:favourites: favourite statuses
write:filters: create filters write:filters: create filters
write:follows: follow people write:follows: follow people


@ -4,7 +4,7 @@ RSpec.describe Api::V1::BookmarksController, type: :controller do
render_views render_views
let(:user) { Fabricate(:user) } let(:user) { Fabricate(:user) }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') } let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:bookmarks') }
describe 'GET #index' do describe 'GET #index' do
context 'without token' do context 'without token' do
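Review bot: Switching the token fixture from `scopes: 'read'` to `scopes: 'read:bookmarks'` means the visible setup no longer exercises the broad scope, and nothing in the hunk checks that a token with an unrelated scope is refused. For a scope-narrowing change the rejection path is the one worth pinning. I would add a context with `let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:favourites') }` that expects `have_http_status(403)`, and keep one example that uses the broad scope. The same gap applies to the Api::V1::Statuses::BookmarksController spec, where `'write'` became `'write:bookmarks'`. The rest of both spec files is outside the hunks, so such cases may already exist there.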


@ -7,7 +7,7 @@ describe Api::V1::Statuses::BookmarksController do
let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) } let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') } let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write', application: app) } let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write:bookmarks', application: app) }
context 'with an oauth token' do context 'with an oauth token' do
before do before do