hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enforcement of OAuth scopes check for authenticated API endpoints, :skip_plug plug to mark a plug explicitly skipped (disabled).

Browse source
This commit is contained in:
Ivan Tashkinov 2020-04-06 10:20:44 +03:00
commit fc81e5a49c
14 changed files with 113 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
View file

@ -34,7 +34,7 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
plug(
OAuthScopesPlug,
%{scopes: ["write:conversations"]} when action == :update_conversation
%{scopes: ["write:conversations"]} when action in [:update_conversation, :read_conversations]
)
plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :read_notification)