+
+ def restrict_unauthenticated_access?(resource, kind) do
+ setting = get([:restrict_unauthenticated, resource, kind])
+
+ if setting in [nil, :if_instance_is_private] do
+ !get!([:instance, :public])
+ else
+ setting
+ end
+ end
+
+ def oauth_consumer_strategies, do: get([:auth, :oauth_consumer_strategies], [])
+
+ def oauth_consumer_enabled?, do: oauth_consumer_strategies() != []
+
+ def enforce_oauth_admin_scope_usage?, do: !!get([:auth, :enforce_oauth_admin_scope_usage])
+
+ def oauth_admin_scopes(scopes) when is_list(scopes) do
+ Enum.flat_map(
+ scopes,
+ fn scope ->
+ ["admin:#{scope}"] ++
+ if enforce_oauth_admin_scope_usage?(), do: [], else: [scope]
+ end
+ )
+ end