From 03afc365d530e6d57754ae9dbbdbd0c56431ee02 Mon Sep 17 00:00:00 2001
From: Thibaut Girka
Date: Fri, 10 Aug 2018 15:22:04 +0200
Subject: [PATCH] Introduce OAuth scopes for bookmarks
---
 app/controllers/api/v1/bookmarks_controller.rb | 2 +-
 app/controllers/api/v1/statuses/bookmarks_controller.rb | 2 +-
 config/initializers/doorkeeper.rb | 2 ++
 config/locales/doorkeeper.en.yml | 2 ++
 spec/controllers/api/v1/bookmarks_controller_spec.rb | 2 +-
 spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb | 2 +-
 6 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/app/controllers/api/v1/bookmarks_controller.rb b/app/controllers/api/v1/bookmarks_controller.rb
index 49038807db..1cab3c372e 100644
--- a/app/controllers/api/v1/bookmarks_controller.rb
+++ b/app/controllers/api/v1/bookmarks_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class Api::V1::BookmarksController < Api::BaseController
- before_action -> { doorkeeper_authorize! :read }
+ before_action -> { doorkeeper_authorize! :read, :'read:bookmarks' }
 before_action :require_user!
 after_action :insert_pagination_headers
diff --git a/app/controllers/api/v1/statuses/bookmarks_controller.rb b/app/controllers/api/v1/statuses/bookmarks_controller.rb
index d7def5f1f8..bb9729cf50 100644
--- a/app/controllers/api/v1/statuses/bookmarks_controller.rb
+++ b/app/controllers/api/v1/statuses/bookmarks_controller.rb
@@ -3,7 +3,7 @@
 class Api::V1::Statuses::BookmarksController < Api::BaseController
 include Authorization
- before_action -> { doorkeeper_authorize! :write }
+ before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
 before_action :require_user!
 respond_to :json
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index fe2490b326..c77387ed46 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
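Review bot: The scope list on the new `before_action` in `Api::V1::BookmarksController` is any-of, not all-of: Doorkeeper accepts a token that carries either `:read` or `:'read:bookmarks'`, so every existing broad `read` token keeps access to the bookmark list. That looks intended for backward compatibility, but the line does not say so; a comment above it such as `# any one of these scopes is sufficient; :read is kept for tokens issued before granular scopes` would make the authorization rule explicit. The same applies to `doorkeeper_authorize! :write, :'write:bookmarks'` in `Api::V1::Statuses::BookmarksController`, where the filter carries no `only:`/`except:` and so presumably guards every action of that controller. Both class bodies continue outside the hunks.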
@@ -58,6 +58,7 @@ Doorkeeper.configure do
 optional_scopes :write,
 :'write:accounts',
 :'write:blocks',
+ :'write:bookmarks',
 :'write:favourites',
 :'write:filters',
 :'write:follows',
@@ -70,6 +71,7 @@ Doorkeeper.configure do
 :read,
 :'read:accounts',
 :'read:blocks',
+ :'read:bookmarks',
 :'read:favourites',
 :'read:filters',
 :'read:follows',
diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index f1fe03716a..211b210d7e 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -119,6 +119,7 @@ en:
 read: read all your account's data
 read:accounts: see accounts information
 read:blocks: see your blocks
+ read:bookmarks: see your bookmarks
 read:favourites: see your favourites
 read:filters: see your filters
 read:follows: see your follows
@@ -131,6 +132,7 @@ en:
 write: modify all your account's data
 write:accounts: modify your profile
 write:blocks: block accounts and domains
+ write:bookmarks: bookmark statuses
 write:favourites: favourite statuses
 write:filters: create filters
 write:follows: follow people
diff --git a/spec/controllers/api/v1/bookmarks_controller_spec.rb b/spec/controllers/api/v1/bookmarks_controller_spec.rb
index 26130e71bf..79601b6e62 100644
--- a/spec/controllers/api/v1/bookmarks_controller_spec.rb
+++ b/spec/controllers/api/v1/bookmarks_controller_spec.rb
@@ -4,7 +4,7 @@ RSpec.describe Api::V1::BookmarksController, type: :controller do
 render_views
 let(:user) { Fabricate(:user) }
- let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
+ let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:bookmarks') }
 describe 'GET #index' do
 context 'without token' do
diff --git a/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb b/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb
index d881e22ed1..b79853718d 100644
--- a/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb
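Review bot: Swapping the `'read'` token fixture for `'read:bookmarks'` in spec/controllers/api/v1/bookmarks_controller_spec.rb leaves only the positive case for the new scope. Nothing visible in the hunk checks that a token with a different granular scope is refused, and the broad `read` path the controller still accepts is no longer exercised. A context that fabricates the token with `scopes: 'read:favourites'` and asserts `expect(response).to have_http_status(403)` would pin the authorization boundary, assuming Doorkeeper's default forbidden response for insufficient scope is in use here. The same gap exists in spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb, where `'write'` became `'write:bookmarks'`. Both describe blocks continue outside the hunks, so such cases may already exist further down.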
+++ b/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb
@@ -7,7 +7,7 @@ describe Api::V1::Statuses::BookmarksController do
 let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
 let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
- let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write', application: app) }
+ let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write:bookmarks', application: app) }
 context 'with an oauth token' do
 before do