Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Add more granular OAuth scopes (#7929)

Browse source 
* Add more granular OAuth scopes

* Add human-readable descriptions of the new scopes

* Ensure new scopes look good on the app UI

* Add tests

* Group scopes in screen and color-code dangerous ones

* Fix wrong extra scope
This commit is contained in:
Eugen Rochko 2018-07-05 18:31:35 +02:00 committed by GitHub
parent ca2cc556f1
commit 1f6ed4f86a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
69 changed files with 295 additions and 105 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/controllers/api/v1/statuses_controller.rb
View file

@ -3,8 +3,8 @@
class Api::V1::StatusesController < Api::BaseController
include Authorization
before_action :authorize_if_got_token, except: [:create, :destroy]
before_action -> { doorkeeper_authorize! :write }, only: [:create, :destroy]
before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :destroy]
before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only: [:create, :destroy]
before_action :require_user!, except: [:show, :context, :card]
before_action :set_status, only: [:show, :context, :card]
@ -84,9 +84,4 @@ class Api::V1::StatusesController < Api::BaseController
def pagination_params(core_params)
params.slice(:limit).permit(:limit).merge(core_params)
end
def authorize_if_got_token
request_token = Doorkeeper::OAuth::Token.from_request(request, *Doorkeeper.configuration.access_token_methods)
doorkeeper_authorize! :read if request_token
end
end