Change `follow` scope to be covered by `read` and `write` scopes in REST API (#17678)

author Eugen Rochko <eugen@zeonfederated.com>

Thu, 3 Mar 2022 15:13:40 +0000 (16:13 +0100)

committer GitHub <noreply@github.com>

Thu, 3 Mar 2022 15:13:40 +0000 (16:13 +0100)
author Eugen Rochko <eugen@zeonfederated.com>
Thu, 3 Mar 2022 15:13:40 +0000 (16:13 +0100)
committer GitHub <noreply@github.com>
Thu, 3 Mar 2022 15:13:40 +0000 (16:13 +0100)
diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb

index 5c47158e02c64d00dbf3b0b813680022c705f4b6..5134bfb94a6be0abfad64d2727acb01ef89a0245 100644 (file)
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -2,9 +2,9 @@
  
  class Api::V1::AccountsController < Api::BaseController
    before_action -> { authorize_if_got_token! :read, :'read:accounts' }, except: [:create, :follow, :unfollow, :remove_from_followers, :block, :unblock, :mute, :unmute]
-  before_action -> { doorkeeper_authorize! :follow, :'write:follows' }, only: [:follow, :unfollow, :remove_from_followers]
-  before_action -> { doorkeeper_authorize! :follow, :'write:mutes' }, only: [:mute, :unmute]
-  before_action -> { doorkeeper_authorize! :follow, :'write:blocks' }, only: [:block, :unblock]
+  before_action -> { doorkeeper_authorize! :follow, :write, :'write:follows' }, only: [:follow, :unfollow, :remove_from_followers]
+  before_action -> { doorkeeper_authorize! :follow, :write, :'write:mutes' }, only: [:mute, :unmute]
+  before_action -> { doorkeeper_authorize! :follow, :write, :'write:blocks' }, only: [:block, :unblock]
    before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:create]
  
    before_action :require_user!, except: [:show, :create]
diff --git a/app/controllers/api/v1/blocks_controller.rb b/app/controllers/api/v1/blocks_controller.rb

index 586cdfca9d4e6b71be8a25debf30389a33ff3f80..a65e762c9f82ad9bc879c90c5dfc2e2fc43f9455 100644 (file)
--- a/app/controllers/api/v1/blocks_controller.rb
+++ b/app/controllers/api/v1/blocks_controller.rb
@@ -1,7 +1,7 @@
  # frozen_string_literal: true
  
  class Api::V1::BlocksController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :follow, :'read:blocks' }
+  before_action -> { doorkeeper_authorize! :follow, :read, :'read:blocks' }
    before_action :require_user!
    after_action :insert_pagination_headers
  
diff --git a/app/controllers/api/v1/domain_blocks_controller.rb b/app/controllers/api/v1/domain_blocks_controller.rb

index 5bb02d834cf6fe198cb5103e607b57a292aee33c..1891261b9ca8d1e5c44cc0921b908e8903567d76 100644 (file)
--- a/app/controllers/api/v1/domain_blocks_controller.rb
+++ b/app/controllers/api/v1/domain_blocks_controller.rb
@@ -3,8 +3,8 @@
  class Api::V1::DomainBlocksController < Api::BaseController
    BLOCK_LIMIT = 100
  
-  before_action -> { doorkeeper_authorize! :follow, :'read:blocks' }, only: :show
-  before_action -> { doorkeeper_authorize! :follow, :'write:blocks' }, except: :show
+  before_action -> { doorkeeper_authorize! :follow, :read, :'read:blocks' }, only: :show
+  before_action -> { doorkeeper_authorize! :follow, :write, :'write:blocks' }, except: :show
    before_action :require_user!
    after_action :insert_pagination_headers, only: :show
  
diff --git a/app/controllers/api/v1/follow_requests_controller.rb b/app/controllers/api/v1/follow_requests_controller.rb

index f4b2a74d0ae82ae0d41a00e0ea5496baa3f85367..8276245a31af029ea4feb0e522493dbff8ce2c21 100644 (file)
--- a/app/controllers/api/v1/follow_requests_controller.rb
+++ b/app/controllers/api/v1/follow_requests_controller.rb
@@ -1,8 +1,8 @@
  # frozen_string_literal: true
  
  class Api::V1::FollowRequestsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :follow, :'read:follows' }, only: :index
-  before_action -> { doorkeeper_authorize! :follow, :'write:follows' }, except: :index
+  before_action -> { doorkeeper_authorize! :follow, :read, :'read:follows' }, only: :index
+  before_action -> { doorkeeper_authorize! :follow, :write, :'write:follows' }, except: :index
    before_action :require_user!
    after_action :insert_pagination_headers, only: :index
  
diff --git a/app/controllers/api/v1/mutes_controller.rb b/app/controllers/api/v1/mutes_controller.rb

index fd52511d7eb0497d018551d61233a7a5b1d33666..6cde53a2a7dbfaa39b146987f2b7ba9a0adf82c1 100644 (file)
--- a/app/controllers/api/v1/mutes_controller.rb
+++ b/app/controllers/api/v1/mutes_controller.rb
@@ -1,7 +1,7 @@
  # frozen_string_literal: true
  
  class Api::V1::MutesController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :follow, :'read:mutes' }
+  before_action -> { doorkeeper_authorize! :follow, :read, :'read:mutes' }
    before_action :require_user!
    after_action :insert_pagination_headers
author	Eugen Rochko <eugen@zeonfederated.com>
	Thu, 3 Mar 2022 15:13:40 +0000 (16:13 +0100)
committer	GitHub <noreply@github.com>
	Thu, 3 Mar 2022 15:13:40 +0000 (16:13 +0100)
app/controllers/api/v1/accounts_controller.rb		patch \| blob \| history
app/controllers/api/v1/blocks_controller.rb		patch \| blob \| history
app/controllers/api/v1/domain_blocks_controller.rb		patch \| blob \| history
app/controllers/api/v1/follow_requests_controller.rb		patch \| blob \| history
app/controllers/api/v1/mutes_controller.rb		patch \| blob \| history