hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'authenticated-api-oauth-check-enforcement' into 'develop'

Browse source 
Enforcement of OAuth scopes check for authenticated API endpoints

See merge request pleroma/pleroma!2349
This commit is contained in:
rinpatch 2020-04-16 21:58:57 +00:00
commit badd888ccb
17 changed files with 248 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
View file

@ -34,7 +34,7 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
plug(
OAuthScopesPlug,
%{scopes: ["write:conversations"]} when action == :update_conversation
%{scopes: ["write:conversations"]} when action in [:update_conversation, :read_conversations]
)
plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :read_notification)