From a7f01ffc1d0795f65b34b6dd9337d665f27edff9 Mon Sep 17 00:00:00 2001
From: Tusooa Zhu <tusooa@kazv.moe>
Date: Tue, 9 Aug 2022 00:34:04 -0400
Subject: Make backups require its own scope

---
 lib/pleroma/web/pleroma_api/controllers/backup_controller.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/pleroma_api/controllers/backup_controller.ex b/lib/pleroma/web/pleroma_api/controllers/backup_controller.ex
index 1a0548295..b9daed22b 100644
--- a/lib/pleroma/web/pleroma_api/controllers/backup_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/backup_controller.ex
@@ -9,7 +9,7 @@ defmodule Pleroma.Web.PleromaAPI.BackupController do
   alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
-  plug(OAuthScopesPlug, %{scopes: ["read:accounts"]} when action in [:index, :create])
+  plug(OAuthScopesPlug, %{scopes: ["read:backups"]} when action in [:index, :create])
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
 
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.PleromaBackupOperation
-- 
cgit v1.2.3


From 738ca484fd812d3fc027d4c3037d307c61fa24ca Mon Sep 17 00:00:00 2001
From: Tusooa Zhu <tusooa@kazv.moe>
Date: Tue, 9 Aug 2022 18:15:25 -0400
Subject: Update api spec to reflect OAuth scope change

---
 lib/pleroma/web/api_spec/operations/pleroma_backup_operation.ex | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/api_spec/operations/pleroma_backup_operation.ex b/lib/pleroma/web/api_spec/operations/pleroma_backup_operation.ex
index 82ec1e7bb..45fa2b058 100644
--- a/lib/pleroma/web/api_spec/operations/pleroma_backup_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/pleroma_backup_operation.ex
@@ -16,7 +16,7 @@ defmodule Pleroma.Web.ApiSpec.PleromaBackupOperation do
     %Operation{
       tags: ["Backups"],
       summary: "List backups",
-      security: [%{"oAuth" => ["read:account"]}],
+      security: [%{"oAuth" => ["read:backups"]}],
       operationId: "PleromaAPI.BackupController.index",
       responses: %{
         200 =>
@@ -37,7 +37,7 @@ defmodule Pleroma.Web.ApiSpec.PleromaBackupOperation do
     %Operation{
       tags: ["Backups"],
       summary: "Create a backup",
-      security: [%{"oAuth" => ["read:account"]}],
+      security: [%{"oAuth" => ["read:backups"]}],
       operationId: "PleromaAPI.BackupController.create",
       responses: %{
         200 =>
-- 
cgit v1.2.3