[#1427] Reworked admin scopes support.

Requalified users.is_admin flag as legacy accessor to admin actions in case token lacks admin scope(s).

config/config.exs

@@ -560,7 +560,10 @@ config :ueberauth,
        base_path: "/oauth",
        providers: ueberauth_providers
 
-config :pleroma, :auth, oauth_consumer_strategies: oauth_consumer_strategies
+config :pleroma,
+       :auth,
+       enforce_oauth_admin_scope_usage: false,
+       oauth_consumer_strategies: oauth_consumer_strategies
 
 config :pleroma, Pleroma.Emails.Mailer, adapter: Swoosh.Adapters.Sendmail, enabled: false
 

config/description.exs

@@ -2094,6 +2094,15 @@ config :pleroma, :config_description, [
     type: :group,
     description: "Authentication / authorization settings",
     children: [
+      %{
+        key: :enforce_oauth_admin_scope_usage,
+        type: :boolean,
+        description:
+          "OAuth admin scope requirement toggle. " <>
+            "If `true`, admin actions explicitly demand admin OAuth scope(s) presence in OAuth token " <>
+            "(client app must support admin scopes). If `false` and token doesn't have admin scope(s)," <>
+            "`is_admin` user flag grants access to admin-specific actions."
+      },
       %{
         key: :auth_template,
         type: :string,