diff options
| author | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-12-12 16:00:06 +0300 |
|---|---|---|
| committer | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-12-12 16:00:06 +0300 |
| commit | 81b05340e9291e9af11727aee77f2c70a9d73498 (patch) | |
| tree | 44547032f0350639624180e111e7fad5febeaf09 /lib | |
| parent | 79532a7f7c91f30a738d9c7a3b429b27c29a782d (diff) | |
| download | pleroma-81b05340e9291e9af11727aee77f2c70a9d73498.tar.gz | |
[#1427] Graceful clearance of OAuth admin scopes for non-admin users (no error raised).
PleromaFE and other clients may safely request admin scope(s): if user isn't an admin, request is successful but only non-admin scopes from request are granted.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/oauth/scopes.ex | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/pleroma/web/oauth/scopes.ex b/lib/pleroma/web/oauth/scopes.ex index 5e04652c2..00da225b9 100644 --- a/lib/pleroma/web/oauth/scopes.ex +++ b/lib/pleroma/web/oauth/scopes.ex @@ -79,7 +79,9 @@ defmodule Pleroma.Web.OAuth.Scopes do if user.is_admin || !contains_admin_scopes?(scopes) || !contains_admin_scopes?(app_scopes) do {:ok, scopes} else - {:error, :unsupported_scopes} + # Gracefully dropping admin scopes from requested scopes if user isn't an admin (not raising) + scopes = scopes -- OAuthScopesPlug.filter_descendants(scopes, ["admin"]) + validate(scopes, app_scopes, user) end end |