- plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
-
- plug(OAuthScopesPlug, %{scopes: ["write:media"]} when action in [:upload, :update_media])
-
- plug(
- OAuthScopesPlug,
- %{scopes: ["follow", "read:blocks"]} when action == :blocks
- )
-
- # To do: POST /api/v1/follows is not present in Mastodon; consider removing the action
- plug(
- OAuthScopesPlug,
- %{scopes: ["follow", "write:follows"]} when action == :follows
- )
-
- plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
-
- # Note: scope not present in Mastodon: read:bookmarks
- plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
-
- # An extra safety measure for possible actions not guarded by OAuth permissions specification
- plug(
- Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
- when action not in [
- :create_app,
- :index,
- :login,
- :logout,
- :password_reset,
- :masto_instance,
- :peers,
- :custom_emojis
- ]
- )