- granted_scopes = token && token.scopes
-
- if is_nil(token) || required_scopes -- granted_scopes == [] do
- conn
- else
- missing_scopes = required_scopes -- granted_scopes
- error_message = "Insufficient permissions: #{Enum.join(missing_scopes, ", ")}."
-
- conn
- |> put_resp_content_type("application/json")
- |> send_resp(403, Jason.encode!(%{error: error_message}))
- |> halt()
+
+ cond do
+ is_nil(token) ->
+ conn
+
+ op == :| && scopes -- token.scopes != scopes ->
+ conn
+
+ op == :& && scopes -- token.scopes == [] ->
+ conn
+
+ options[:fallback] == :proceed_unauthenticated ->
+ conn
+ |> assign(:user, nil)
+ |> assign(:token, nil)
+
+ true ->
+ missing_scopes = scopes -- token.scopes
+ permissions = Enum.join(missing_scopes, " #{op} ")
+
+ error_message =
+ dgettext("errors", "Insufficient permissions: %{permissions}.", permissions: permissions)
+
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(:forbidden, Jason.encode!(%{error: error_message}))
+ |> halt()