[#1478] OAuth admin tweaks: enforced OAuth admin scopes usage by default, migrated existing OAuth records. Adjusted tests.

priv/repo/migrations/20191220174645_add_scopes_to_pleroma_feo_auth_records.exs

@@ -0,0 +1,17 @@
+defmodule Pleroma.Repo.Migrations.AddScopesToPleromaFEOAuthRecords do
+  use Ecto.Migration
+
+  def up do
+    update_scopes_clause = "SET scopes = '{read,write,follow,push,admin}'"
+    apps_where = "WHERE apps.client_name like 'PleromaFE_%' or apps.client_name like 'AdminFE_%'"
+    app_id_subquery_where = "WHERE app_id IN (SELECT apps.id FROM apps #{apps_where})"
+
+    execute("UPDATE apps #{update_scopes_clause} #{apps_where}")
+
+    for table <- ["oauth_authorizations", "oauth_tokens"] do
+      execute("UPDATE #{table} #{update_scopes_clause} #{app_id_subquery_where}")
+    end
+  end
+
+  def down, do: :noop
+end