Add read:me OAuth 2.0 scope, allowing more limited access to user data (#29087)
parent
d754b15afb
commit
049b159beb
|
@ -1,7 +1,7 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Api::V1::Accounts::CredentialsController < Api::BaseController
|
class Api::V1::Accounts::CredentialsController < Api::BaseController
|
||||||
before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, except: [:update]
|
before_action -> { doorkeeper_authorize! :read, :'read:accounts', :'read:me' }, except: [:update]
|
||||||
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
|
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
|
||||||
before_action :require_user!
|
before_action :require_user!
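Review bot: The read filter on the changed line keeps `except: [:update]`, so the narrow `read:me` scope is accepted on every action of this controller other than update, including any action added later. Because `read:me` is meant to grant more limited access, naming the permitted action makes the check fail closed: `before_action -> { doorkeeper_authorize! :read, :'read:accounts', :'read:me' }, only: [:show]` (this assumes the read action is called `show`; the class body continues outside the hunk). A short comment next to the filter, such as `# read:me is honoured only by this endpoint`, would record the scope's boundary where the check lives.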
|
||||||
|
|
||||||
|
|
|
@ -89,6 +89,7 @@ Doorkeeper.configure do
|
||||||
:'write:reports',
|
:'write:reports',
|
||||||
:'write:statuses',
|
:'write:statuses',
|
||||||
:read,
|
:read,
|
||||||
|
:'read:me',
|
||||||
:'read:accounts',
|
:'read:accounts',
|
||||||
:'read:blocks',
|
:'read:blocks',
|
||||||
:'read:bookmarks',
|
:'read:bookmarks',
|
||||||
|
|
|
@ -174,6 +174,7 @@ en:
|
||||||
read:filters: see your filters
|
read:filters: see your filters
|
||||||
read:follows: see your follows
|
read:follows: see your follows
|
||||||
read:lists: see your lists
|
read:lists: see your lists
|
||||||
|
read:me: read only your account's basic information
|
||||||
read:mutes: see your mutes
|
read:mutes: see your mutes
|
||||||
read:notifications: see your notifications
|
read:notifications: see your notifications
|
||||||
read:reports: see your reports
|
read:reports: see your reports
|
||||||
|
|
|
@ -28,6 +28,20 @@ RSpec.describe 'credentials API' do
|
||||||
locked: true,
|
locked: true,
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'allows the read:me scope' do
|
||||||
|
let(:scopes) { 'read:me' }
|
||||||
|
|
||||||
|
it 'returns the response successfully' do
|
||||||
|
subject
|
||||||
|
|
||||||
|
expect(response).to have_http_status(200)
|
||||||
|
|
||||||
|
expect(body_as_json).to include({
|
||||||
|
locked: true,
|
||||||
|
})
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'PATCH /api/v1/accounts/update_credentials' do
|
describe 'PATCH /api/v1/accounts/update_credentials' do
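Review bot: The added example only proves that a `read:me` token is accepted on the GET endpoint; nothing here checks that the same token is refused where it should be, which is the property that makes the scope "more limited". A negative example in the PATCH block that follows would pin that down, and a similar one against another `read:accounts` endpoint would guard against the scope being widened later. The sketch below assumes the PATCH block defines `subject` and `scopes` the same way the GET block does, and that an insufficient scope yields 403; both are outside the hunk and need confirming.

```ruby
describe 'PATCH /api/v1/accounts/update_credentials' do
  # … unchanged: existing setup and examples …

  context 'with only the read:me scope' do
    let(:scopes) { 'read:me' }

    it 'refuses the update' do
      subject

      expect(response).to have_http_status(403)
    end
  end
```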
|
||||||
|
|