authorThibaut Girka <thib@sitedethib.com>2018-08-10 15:22:04 +0200
committerThibG <thib@sitedethib.com>2018-08-10 16:49:06 +0200
commit03afc365d530e6d57754ae9dbbdbd0c56431ee02 (patch)
tree58ecbe9865b1cfcca6b08da53e8bb6c5e01e5c9a
parent7d1dd59496189d7b6e81585a01aaaae6fd45a737 (diff)
Introduce OAuth scopes for bookmarks
-rw-r--r--app/controllers/api/v1/bookmarks_controller.rb2
-rw-r--r--app/controllers/api/v1/statuses/bookmarks_controller.rb2
-rw-r--r--config/initializers/doorkeeper.rb2
-rw-r--r--config/locales/doorkeeper.en.yml2
-rw-r--r--spec/controllers/api/v1/bookmarks_controller_spec.rb2
-rw-r--r--spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb2
6 files changed, 8 insertions, 4 deletions
diff --git a/app/controllers/api/v1/bookmarks_controller.rb b/app/controllers/api/v1/bookmarks_controller.rb
index 49038807d..1cab3c372 100644
--- a/app/controllers/api/v1/bookmarks_controller.rb
+++ b/app/controllers/api/v1/bookmarks_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::BookmarksController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read }
+  before_action -> { doorkeeper_authorize! :read, :'read:bookmarks' }
   before_action :require_user!
   after_action :insert_pagination_headers
 
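Review bot: The new `before_action` line has no comment saying that the listed scopes are alternatives, and a reader could take `doorkeeper_authorize! :read, :'read:bookmarks'` to require both. Doorkeeper accepts a token that carries any one of the scopes passed, which is what keeps existing `read` tokens working while allowing narrowly scoped ones. I would add a one-line comment above it, for example `# Either the broad :read scope or the granular :'read:bookmarks' scope is sufficient`. The same applies to the `:write, :'write:bookmarks'` line in app/controllers/api/v1/statuses/bookmarks_controller.rb. The class body continues outside this hunk, so the filter should be read as guarding every action defined there.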
diff --git a/app/controllers/api/v1/statuses/bookmarks_controller.rb b/app/controllers/api/v1/statuses/bookmarks_controller.rb
index d7def5f1f..bb9729cf5 100644
--- a/app/controllers/api/v1/statuses/bookmarks_controller.rb
+++ b/app/controllers/api/v1/statuses/bookmarks_controller.rb
@@ -3,7 +3,7 @@
 class Api::V1::Statuses::BookmarksController < Api::BaseController
   include Authorization
 
-  before_action -> { doorkeeper_authorize! :write }
+  before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
   before_action :require_user!
 
   respond_to :json
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index fe2490b32..c77387ed4 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -58,6 +58,7 @@ Doorkeeper.configure do
   optional_scopes :write,
                   :'write:accounts',
                   :'write:blocks',
+                  :'write:bookmarks',
                   :'write:favourites',
                   :'write:filters',
                   :'write:follows',
@@ -70,6 +71,7 @@ Doorkeeper.configure do
                   :read,
                   :'read:accounts',
                   :'read:blocks',
+                  :'read:bookmarks',
                   :'read:favourites',
                   :'read:filters',
                   :'read:follows',
diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index f1fe03716..211b210d7 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -119,6 +119,7 @@ en:
       read: read all your account's data
       read:accounts: see accounts information
       read:blocks: see your blocks
+      read:bookmarks: see your bookmarks
       read:favourites: see your favourites
       read:filters: see your filters
       read:follows: see your follows
@@ -131,6 +132,7 @@ en:
       write: modify all your account's data
       write:accounts: modify your profile
       write:blocks: block accounts and domains
+      write:bookmarks: bookmark statuses
       write:favourites: favourite statuses
       write:filters: create filters
       write:follows: follow people
diff --git a/spec/controllers/api/v1/bookmarks_controller_spec.rb b/spec/controllers/api/v1/bookmarks_controller_spec.rb
index 26130e71b..79601b6e6 100644
--- a/spec/controllers/api/v1/bookmarks_controller_spec.rb
+++ b/spec/controllers/api/v1/bookmarks_controller_spec.rb
@@ -4,7 +4,7 @@ RSpec.describe Api::V1::BookmarksController, type: :controller do
   render_views
 
   let(:user)  { Fabricate(:user) }
-  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
+  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:bookmarks') }
 
   describe 'GET #index' do
     context 'without token' do
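Review bot: Narrowing the fixture token to `scopes: 'read:bookmarks'` covers the new granular scope, but nothing visible in this hunk asserts that a token with an unrelated scope is refused, or that a plain `read` token is still accepted. For an authorization change the rejection path is the one most worth pinning. I would add a context whose token is fabricated with, say, `scopes: 'read:favourites'` and which expects `have_http_status(403)`, plus one case that keeps `scopes: 'read'`. The same gap applies to the `'write:bookmarks'` token in spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb. The `describe` block continues outside the hunk, so such cases may already exist further down.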
diff --git a/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb b/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb
index d881e22ed..b79853718 100644
--- a/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb
+++ b/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb
@@ -7,7 +7,7 @@ describe Api::V1::Statuses::BookmarksController do
 
   let(:user)  { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
   let(:app)   { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
-  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write', application: app) }
+  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write:bookmarks', application: app) }
 
   context 'with an oauth token' do
     before do