From a9e40a3d80435431f689b8d19005dd77a8f50224 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sat, 22 Oct 2016 19:38:47 +0200
Subject: Adding OAuth access scopes, fixing OAuth authorization UI, adding
 rate limiting to the API

---
 app/controllers/api/v1/statuses_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'app/controllers/api/v1/statuses_controller.rb')

diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index a7305233e..b02b7bb57 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -1,5 +1,7 @@
 class Api::V1::StatusesController < ApiController
-  before_action :doorkeeper_authorize!
+  before_action -> { doorkeeper_authorize! :read }, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
+  before_action -> { doorkeeper_authorize! :write }, only:  [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
+
   respond_to    :json
 
   def show
-- 
cgit