projects / akkoma / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
drop admin scopes on create app instead of rejecting
[akkoma] / lib / pleroma / web / o_auth / scopes.ex
diff --git a/lib/pleroma/web/o_auth/scopes.ex b/lib/pleroma/web/o_auth/scopes.ex
index 7fe04b9127fd9905bb01b5738a58b33c57ed643f..ccd8d4665d8a4d0bd5f2f1fa9d58dc66fe05e1a8 100644 (file)
--- a/lib/pleroma/web/o_auth/scopes.ex
+++ b/lib/pleroma/web/o_auth/scopes.ex
@@ -69,6 +69,17 @@ defmodule Pleroma.Web.OAuth.Scopes do
     end
   end
 
+  @spec filter_admin_scopes([String.t()], Pleroma.User.t()) :: [String.t()]
+  @doc """
+  Remove admin scopes for non-admins
+  """
+  def filter_admin_scopes(scopes, %Pleroma.User{is_admin: true}), do: scopes
+
+  def filter_admin_scopes(scopes, _user) do
+    drop_scopes = OAuthScopesPlug.filter_descendants(scopes, ["admin"])
+    Enum.reject(scopes, fn scope -> Enum.member?(drop_scopes, scope) end)
+  end
+
   defp validate_scopes_are_supported(scopes, app_scopes) do
     case OAuthScopesPlug.filter_descendants(scopes, app_scopes) do
       ^scopes -> {:ok, scopes}
Fork of https://akkoma.dev/AkkomaGang/akkoma.git