diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2018-07-05 18:31:35 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-05 18:31:35 +0200 |
commit | 1f6ed4f86ab2aa98bb271b40bf381370fab4fdf2 (patch) | |
tree | c7f4668bc9e5fae31ea8dc8b7dd10edd0f2c1164 /app/controllers/api/v1/timelines | |
parent | ca2cc556f1875e431ea9ceb2d3f4766366c76846 (diff) |
Add more granular OAuth scopes (#7929)
* Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope
Diffstat (limited to 'app/controllers/api/v1/timelines')
-rw-r--r-- | app/controllers/api/v1/timelines/direct_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/api/v1/timelines/home_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/api/v1/timelines/list_controller.rb | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/app/controllers/api/v1/timelines/direct_controller.rb b/app/controllers/api/v1/timelines/direct_controller.rb index ef64078be..d8a76d153 100644 --- a/app/controllers/api/v1/timelines/direct_controller.rb +++ b/app/controllers/api/v1/timelines/direct_controller.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class Api::V1::Timelines::DirectController < Api::BaseController - before_action -> { doorkeeper_authorize! :read }, only: [:show] + before_action -> { doorkeeper_authorize! :read, :'read:statuses' }, only: [:show] before_action :require_user!, only: [:show] after_action :insert_pagination_headers, unless: -> { @statuses.empty? } diff --git a/app/controllers/api/v1/timelines/home_controller.rb b/app/controllers/api/v1/timelines/home_controller.rb index cde4e8420..4412aaaa3 100644 --- a/app/controllers/api/v1/timelines/home_controller.rb +++ b/app/controllers/api/v1/timelines/home_controller.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class Api::V1::Timelines::HomeController < Api::BaseController - before_action -> { doorkeeper_authorize! :read }, only: [:show] + before_action -> { doorkeeper_authorize! :read, :'read:statuses' }, only: [:show] before_action :require_user!, only: [:show] after_action :insert_pagination_headers, unless: -> { @statuses.empty? } diff --git a/app/controllers/api/v1/timelines/list_controller.rb b/app/controllers/api/v1/timelines/list_controller.rb index 06d596c08..cfc5f3b5e 100644 --- a/app/controllers/api/v1/timelines/list_controller.rb +++ b/app/controllers/api/v1/timelines/list_controller.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class Api::V1::Timelines::ListController < Api::BaseController - before_action -> { doorkeeper_authorize! :read } + before_action -> { doorkeeper_authorize! :read, :'read:lists' } before_action :require_user! before_action :set_list before_action :set_statuses |