authorEugen Rochko <eugen@zeonfederated.com>2018-07-05 18:31:35 +0200
committerGitHub <noreply@github.com>2018-07-05 18:31:35 +0200
commit1f6ed4f86ab2aa98bb271b40bf381370fab4fdf2 (patch)
treec7f4668bc9e5fae31ea8dc8b7dd10edd0f2c1164 /config
parentca2cc556f1875e431ea9ceb2d3f4766366c76846 (diff)
Add more granular OAuth scopes (#7929)
* Add more granular OAuth scopes

* Add human-readable descriptions of the new scopes

* Ensure new scopes look good on the app UI

* Add tests

* Group scopes in screen and color-code dangerous ones

* Fix wrong extra scope
Diffstat (limited to 'config')
-rw-r--r--config/initializers/doorkeeper.rb27
-rw-r--r--config/locales/doorkeeper.en.yml30
-rw-r--r--config/locales/simple_form.en.yml1
3 files changed, 53 insertions, 5 deletions
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 469553803..fe2490b32 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -55,7 +55,32 @@ Doorkeeper.configure do
   # For more information go to
   # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
   default_scopes  :read
-  optional_scopes :write, :follow, :push
+  optional_scopes :write,
+                  :'write:accounts',
+                  :'write:blocks',
+                  :'write:favourites',
+                  :'write:filters',
+                  :'write:follows',
+                  :'write:lists',
+                  :'write:media',
+                  :'write:mutes',
+                  :'write:notifications',
+                  :'write:reports',
+                  :'write:statuses',
+                  :read,
+                  :'read:accounts',
+                  :'read:blocks',
+                  :'read:favourites',
+                  :'read:filters',
+                  :'read:follows',
+                  :'read:lists',
+                  :'read:mutes',
+                  :'read:notifications',
+                  :'read:reports',
+                  :'read:search',
+                  :'read:statuses',
+                  :follow,
+                  :push
 
   # Change the way client credentials are retrieved from the request object.
   # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
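Review bot: The new `optional_scopes` list only registers scope names; nothing in this hunk makes `:write` imply `:'write:statuses'` or `:read` imply `:'read:statuses'`. As far as I know Doorkeeper matches scope names literally, so the parent/child relationship has to be enforced by each API endpoint accepting both the top-level and the granular scope. The diff shown is limited to `config`, so that enforcement is not visible here and should be confirmed against the controller changes and tests the commit mentions. A comment above the list would record the contract, for example `# Granular scopes are subsets of :read / :write; matching is by exact name, so endpoints must accept both the parent and the granular scope.` Separately, `:read` now appears in both `default_scopes` and `optional_scopes`, which looks redundant, and a client that requests no scope still receives the broad `:read` rather than a narrow one; the `Doorkeeper.configure` block starts and ends outside the hunk.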
diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index eca1fc675..f1fe03716 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -114,7 +114,29 @@ en:
       application:
         title: OAuth authorization required
     scopes:
-      follow: follow, block, unblock and unfollow accounts
-      push: receive push notifications for your account
-      read: read your account's data
-      write: post on your behalf
+      follow: modify account relationships
+      push: receive your push notifications
+      read: read all your account's data
+      read:accounts: see accounts information
+      read:blocks: see your blocks
+      read:favourites: see your favourites
+      read:filters: see your filters
+      read:follows: see your follows
+      read:lists: see your lists
+      read:mutes: see your mutes
+      read:notifications: see your notifications
+      read:reports: see your reports
+      read:search: search on your behalf
+      read:statuses: see all statuses
+      write: modify all your account's data
+      write:accounts: modify your profile
+      write:blocks: block accounts and domains
+      write:favourites: favourite statuses
+      write:filters: create filters
+      write:follows: follow people
+      write:lists: create lists
+      write:media: upload media files
+      write:mutes: mute people and conversations
+      write:notifications: clear your notifications
+      write:reports: report other people
+      write:statuses: publish statuses
diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml
index 59133ea73..49d94bcde 100644
--- a/config/locales/simple_form.en.yml
+++ b/config/locales/simple_form.en.yml
@@ -20,6 +20,7 @@ en:
           one: <span class="note-counter">1</span> character left
           other: <span class="note-counter">%{count}</span> characters left
         phrase: Will be matched regardless of casing in text or content warning of a toot
+        scopes: Which APIs the application will be allowed to access. If you select a top-level scope, you don't need to select individual ones.
         setting_default_language: The language of your toots can be detected automatically, but it's not always accurate
         setting_hide_network: Who you follow and who follows you will not be shown on your profile
         setting_noindex: Affects your public profile and status pages