[#468] Defined OAuth restrictions for all applicable routes.

Improved missing "scopes" param handling. Allowed "any of" / "all of" mode specification in OAuthScopesPlug. Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00 · 2019-02-15 19:54:37 +03:00 · 2a4a4f3342
commit 2a4a4f3342
parent 027adbc9e5
7 changed files with 142 additions and 76 deletions
--- a/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex
+++ b/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex
@ -14,7 +14,7 @@
 <%= label f, :scope, "Permissions" %>
 <br>
 <%= for scope <- @scopes do %>
-  <%= checkbox f, :"scopes_#{scope}", hidden_input: false, value: scope, checked_value: scope, name: "authorization[scopes][]" %>
+  <%= checkbox f, :"scopes_#{scope}", value: scope, checked_value: scope, unchecked_value: "", name: "authorization[scopes][]" %>
  <%= label f, :"scopes_#{scope}", String.capitalize(scope) %>
  <br>
 <% end %>