Add read:me OAuth 2.0 scope, allowing more limited access to user data (#29087)
parent
d754b15afb
commit
049b159beb
|
@ -1,7 +1,7 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class Api::V1::Accounts::CredentialsController < Api::BaseController
|
||||
before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, except: [:update]
|
||||
before_action -> { doorkeeper_authorize! :read, :'read:accounts', :'read:me' }, except: [:update]
|
||||
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
|
||||
before_action :require_user!
|
||||
|
||||
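Review bot: Adding `:'read:me'` to the first `before_action` opens every action of this controller other than `update` to the new scope, because `doorkeeper_authorize!` accepts a token that carries any one of the listed scopes. A `read:me` token therefore gets exactly the response a `read:accounts` token gets here. The consent text added by this commit calls the scope "read only your account's basic information", yet nothing on the visible lines trims the payload. If the serializer behind the read action (outside this hunk) returns private source or preference fields, that description understates what a client receives. I would state the contract next to the filter, e.g. `# read:me returns the same credential payload as read:accounts; it only withholds access to other endpoints`. The class body continues outside the hunk.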
|
|
|
@ -89,6 +89,7 @@ Doorkeeper.configure do
|
|||
:'write:reports',
|
||||
:'write:statuses',
|
||||
:read,
|
||||
:'read:me',
|
||||
:'read:accounts',
|
||||
:'read:blocks',
|
||||
:'read:bookmarks',
|
||||
|
|
|
@ -174,6 +174,7 @@ en:
|
|||
read:filters: see your filters
|
||||
read:follows: see your follows
|
||||
read:lists: see your lists
|
||||
read:me: read only your account's basic information
|
||||
read:mutes: see your mutes
|
||||
read:notifications: see your notifications
|
||||
read:reports: see your reports
|
||||
|
|
|
@ -28,6 +28,20 @@ RSpec.describe 'credentials API' do
|
|||
locked: true,
|
||||
})
|
||||
end
|
||||
|
||||
describe 'allows the read:me scope' do
|
||||
let(:scopes) { 'read:me' }
|
||||
|
||||
it 'returns the response successfully' do
|
||||
subject
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
|
||||
expect(body_as_json).to include({
|
||||
locked: true,
|
||||
})
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'PATCH /api/v1/accounts/update_credentials' do
|
||||
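Review bot: The added example only proves that a `read:me` token is accepted. Nothing in this hunk checks that the token is refused where it should be, which is the property a narrower scope exists to provide. A denial case under the `PATCH /api/v1/accounts/update_credentials` block would pin that the write filter does not honour `read:me`. It would also help if the GET example asserted which fields are present beyond `locked`, so that the payload granted to this scope is fixed by a test. The sketch below assumes the PATCH block defines `subject` and reads `scopes` the same way the GET block does; that block continues outside the hunk.

```ruby
describe 'PATCH /api/v1/accounts/update_credentials' do
  # … unchanged: existing subject, params and examples …

  describe 'with only the read:me scope' do
    let(:scopes) { 'read:me' }

    it 'refuses the update' do
      subject

      expect(response).to have_http_status(403)
    end
  end
```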
|
|