1
0

Introduce OAuth scopes for bookmarks

This commit is contained in:
Thibaut Girka 2018-08-10 15:22:04 +02:00 committed by ThibG
parent 7d1dd59496
commit 03afc365d5
6 changed files with 8 additions and 4 deletions

View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
class Api::V1::BookmarksController < Api::BaseController
before_action -> { doorkeeper_authorize! :read }
before_action -> { doorkeeper_authorize! :read, :'read:bookmarks' }
before_action :require_user!
after_action :insert_pagination_headers

View File

@ -3,7 +3,7 @@
class Api::V1::Statuses::BookmarksController < Api::BaseController
include Authorization
before_action -> { doorkeeper_authorize! :write }
before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
before_action :require_user!
respond_to :json

View File

@ -58,6 +58,7 @@ Doorkeeper.configure do
optional_scopes :write,
:'write:accounts',
:'write:blocks',
:'write:bookmarks',
:'write:favourites',
:'write:filters',
:'write:follows',
@ -70,6 +71,7 @@ Doorkeeper.configure do
:read,
:'read:accounts',
:'read:blocks',
:'read:bookmarks',
:'read:favourites',
:'read:filters',
:'read:follows',

View File

@ -119,6 +119,7 @@ en:
read: read all your account's data
read:accounts: see accounts information
read:blocks: see your blocks
read:bookmarks: see your bookmarks
read:favourites: see your favourites
read:filters: see your filters
read:follows: see your follows
@ -131,6 +132,7 @@ en:
write: modify all your account's data
write:accounts: modify your profile
write:blocks: block accounts and domains
write:bookmarks: bookmark statuses
write:favourites: favourite statuses
write:filters: create filters
write:follows: follow people

View File

@ -4,7 +4,7 @@ RSpec.describe Api::V1::BookmarksController, type: :controller do
render_views
let(:user) { Fabricate(:user) }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:bookmarks') }
describe 'GET #index' do
context 'without token' do

View File

@ -7,7 +7,7 @@ describe Api::V1::Statuses::BookmarksController do
let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write', application: app) }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write:bookmarks', application: app) }
context 'with an oauth token' do
before do