Introduce OAuth scopes for bookmarks

2018-08-10 15:22:04 +02:00
parent 7d1dd59496
commit 90b492143d
6 changed files with 8 additions and 4 deletions
--- a/app/controllers/api/v1/bookmarks_controller.rb
+++ b/app/controllers/api/v1/bookmarks_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true

 class Api::V1::BookmarksController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read }
+  before_action -> { doorkeeper_authorize! :read, :'read:bookmarks' }
  before_action :require_user!
  after_action :insert_pagination_headers

--- a/app/controllers/api/v1/statuses/bookmarks_controller.rb
+++ b/app/controllers/api/v1/statuses/bookmarks_controller.rb
@@ -3,7 +3,7 @@
 class Api::V1::Statuses::BookmarksController < Api::BaseController
  include Authorization

-  before_action -> { doorkeeper_authorize! :write }
+  before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
  before_action :require_user!

  respond_to :json
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -58,6 +58,7 @@ Doorkeeper.configure do
  optional_scopes :write,
                  :'write:accounts',
                  :'write:blocks',
+                  :'write:bookmarks',
                  :'write:favourites',
                  :'write:filters',
                  :'write:follows',
@@ -70,6 +71,7 @@ Doorkeeper.configure do
                  :read,
                  :'read:accounts',
                  :'read:blocks',
+                  :'read:bookmarks',
                  :'read:favourites',
                  :'read:filters',
                  :'read:follows',
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -119,6 +119,7 @@ en:
      read: read all your account's data
      read:accounts: see accounts information
      read:blocks: see your blocks
+      read:bookmarks: see your bookmarks
      read:favourites: see your favourites
      read:filters: see your filters
      read:follows: see your follows
@@ -131,6 +132,7 @@ en:
      write: modify all your account's data
      write:accounts: modify your profile
      write:blocks: block accounts and domains
+      write:bookmarks: bookmark statuses
      write:favourites: favourite statuses
      write:filters: create filters
      write:follows: follow people
--- a/spec/controllers/api/v1/bookmarks_controller_spec.rb
+++ b/spec/controllers/api/v1/bookmarks_controller_spec.rb
@@ -4,7 +4,7 @@ RSpec.describe Api::V1::BookmarksController, type: :controller do
  render_views

  let(:user)  { Fabricate(:user) }
-  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
+  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:bookmarks') }

  describe 'GET #index' do
    context 'without token' do
--- a/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb
+++ b/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb
@@ -7,7 +7,7 @@ describe Api::V1::Statuses::BookmarksController do

  let(:user)  { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
  let(:app)   { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
-  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write', application: app) }
+  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write:bookmarks', application: app) }

  context 'with an oauth token' do
    before do