Merge branch '1427-oauth-admin-scopes' into 'develop'

[#1427] Fixed `:admin` option handling in OAuthScopesPlug, added tests

Closes #1427

See merge request pleroma/pleroma!2053

2 files changed, 18 insertions, 10 deletions

diff --git a/lib/pleroma/config.ex b/lib/pleroma/config.ex
index cadab2f15..bad6d505c 100644
--- a/lib/pleroma/config.ex
+++ b/lib/pleroma/config.ex
@@ -68,8 +68,13 @@ defmodule Pleroma.Config do
 
   def enforce_oauth_admin_scope_usage?, do: !!get([:auth, :enforce_oauth_admin_scope_usage])
 
-  def oauth_admin_scopes(scope) do
-    ["admin:#{scope}"] ++
-      if enforce_oauth_admin_scope_usage?(), do: [], else: [scope]
+  def oauth_admin_scopes(scopes) when is_list(scopes) do
+    Enum.flat_map(
+      scopes,
+      fn scope ->
+        ["admin:#{scope}"] ++
+          if enforce_oauth_admin_scope_usage?(), do: [], else: [scope]
+      end
+    )
   end
 end
diff --git a/lib/pleroma/plugs/oauth_scopes_plug.ex b/lib/pleroma/plugs/oauth_scopes_plug.ex
index 3201fb399..174a8389c 100644
--- a/lib/pleroma/plugs/oauth_scopes_plug.ex
+++ b/lib/pleroma/plugs/oauth_scopes_plug.ex
@@ -17,13 +17,7 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
     op = options[:op] || :|
     token = assigns[:token]
 
-    scopes =
-      if options[:admin] do
-        Config.oauth_admin_scopes(scopes)
-      else
-        scopes
-      end
-
+    scopes = transform_scopes(scopes, options)
     matched_scopes = token && filter_descendants(scopes, token.scopes)
 
     cond do
@@ -69,6 +63,15 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
     )
   end
 
+  @doc "Transforms scopes by applying supported options (e.g. :admin)"
+  def transform_scopes(scopes, options) do
+    if options[:admin] do
+      Config.oauth_admin_scopes(scopes)
+    else
+      scopes
+    end
+  end
+
   defp maybe_perform_instance_privacy_check(%Plug.Conn{} = conn, options) do
     if options[:skip_instance_privacy_check] do
       conn