Add more granular OAuth scopes (#7929)

* Add more granular OAuth scopes

* Add human-readable descriptions of the new scopes

* Ensure new scopes look good on the app UI

* Add tests

* Group scopes in screen and color-code dangerous ones

* Fix wrong extra scope

1 files changed, 7 insertions, 1 deletions

diff --git a/spec/controllers/api/v1/follow_requests_controller_spec.rb b/spec/controllers/api/v1/follow_requests_controller_spec.rb
index 3c0b84af8..87292d9ce 100644
--- a/spec/controllers/api/v1/follow_requests_controller_spec.rb
+++ b/spec/controllers/api/v1/follow_requests_controller_spec.rb
@@ -4,7 +4,7 @@ RSpec.describe Api::V1::FollowRequestsController, type: :controller do
   render_views
 
   let(:user)     { Fabricate(:user, account: Fabricate(:account, username: 'alice', locked: true)) }
-  let(:token)    { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'follow') }
+  let(:token)    { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
   let(:follower) { Fabricate(:account, username: 'bob') }
 
   before do
@@ -13,6 +13,8 @@ RSpec.describe Api::V1::FollowRequestsController, type: :controller do
   end
 
   describe 'GET #index' do
+    let(:scopes) { 'read:follows' }
+
     before do
       get :index, params: { limit: 1 }
     end
@@ -23,6 +25,8 @@ RSpec.describe Api::V1::FollowRequestsController, type: :controller do
   end
 
   describe 'POST #authorize' do
+    let(:scopes) { 'write:follows' }
+
     before do
       post :authorize, params: { id: follower.id }
     end
@@ -37,6 +41,8 @@ RSpec.describe Api::V1::FollowRequestsController, type: :controller do
   end
 
   describe 'POST #reject' do
+    let(:scopes) { 'write:follows' }
+
     before do
       post :reject, params: { id: follower.id }
     end