From a9e40a3d80435431f689b8d19005dd77a8f50224 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sat, 22 Oct 2016 19:38:47 +0200
Subject: Adding OAuth access scopes, fixing OAuth authorization UI, adding
 rate limiting to the API

---
 app/controllers/api/v1/accounts_controller.rb | 4 +++-
 app/controllers/api/v1/follows_controller.rb  | 2 +-
 app/controllers/api/v1/media_controller.rb    | 2 +-
 app/controllers/api/v1/statuses_controller.rb | 4 +++-
 4 files changed, 8 insertions(+), 4 deletions(-)

(limited to 'app/controllers/api/v1')

diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb
index 2669315e2..bb3e54a89 100644
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -1,5 +1,7 @@
 class Api::V1::AccountsController < ApiController
-  before_action :doorkeeper_authorize!
+  before_action -> { doorkeeper_authorize! :read }, except: [:follow, :unfollow, :block, :unblock]
+  before_action -> { doorkeeper_authorize! :follow }, only: [:follow, :unfollow, :block, :unblock]
+
   before_action :set_account, except: [:verify_credentials, :suggestions]
   respond_to    :json
 
diff --git a/app/controllers/api/v1/follows_controller.rb b/app/controllers/api/v1/follows_controller.rb
index 739ac1fb1..9181cd077 100644
--- a/app/controllers/api/v1/follows_controller.rb
+++ b/app/controllers/api/v1/follows_controller.rb
@@ -1,5 +1,5 @@
 class Api::V1::FollowsController < ApiController
-  before_action :doorkeeper_authorize!
+  before_action -> { doorkeeper_authorize! :follow }
   respond_to    :json
 
   def create
diff --git a/app/controllers/api/v1/media_controller.rb b/app/controllers/api/v1/media_controller.rb
index 7efe38bd8..dffc797fe 100644
--- a/app/controllers/api/v1/media_controller.rb
+++ b/app/controllers/api/v1/media_controller.rb
@@ -1,5 +1,5 @@
 class Api::V1::MediaController < ApiController
-  before_action :doorkeeper_authorize!
+  before_action -> { doorkeeper_authorize! :write }
   respond_to    :json
 
   def create
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index a7305233e..b02b7bb57 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -1,5 +1,7 @@
 class Api::V1::StatusesController < ApiController
-  before_action :doorkeeper_authorize!
+  before_action -> { doorkeeper_authorize! :read }, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
+  before_action -> { doorkeeper_authorize! :write }, only:  [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
+
   respond_to    :json
 
   def show
-- 
cgit