X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fplugs%2Foauth_scopes_plug.ex;h=b508628a92dca12b90e197c1acf3a3ca3c66b4bc;hb=f4c001062e51c207bf84f56473ddf6120e3b50fb;hp=a16adb00439ffa0fdf9e5791862d88e6ae560adf;hpb=4ad843fb9df838f36c014ddfb76d7107ba2b5c7b;p=akkoma diff --git a/lib/pleroma/plugs/oauth_scopes_plug.ex b/lib/pleroma/plugs/oauth_scopes_plug.ex index a16adb004..b508628a9 100644 --- a/lib/pleroma/plugs/oauth_scopes_plug.ex +++ b/lib/pleroma/plugs/oauth_scopes_plug.ex @@ -4,26 +4,42 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do import Plug.Conn - alias Pleroma.Web.OAuth + import Pleroma.Web.Gettext @behaviour Plug - def init(%{required_scopes: _} = options), do: options + def init(%{scopes: _} = options), do: options - def call(%Plug.Conn{assigns: assigns} = conn, %{required_scopes: required_scopes}) do + def call(%Plug.Conn{assigns: assigns} = conn, %{scopes: scopes} = options) do + op = options[:op] || :| token = assigns[:token] - granted_scopes = token && OAuth.parse_scopes(token.scope) - - if is_nil(token) || required_scopes -- granted_scopes == [] do - conn - else - missing_scopes = required_scopes -- granted_scopes - error_message = "Insufficient permissions: #{Enum.join(missing_scopes, ", ")}." - - conn - |> put_resp_content_type("application/json") - |> send_resp(403, Jason.encode!(%{error: error_message})) - |> halt() + + cond do + is_nil(token) -> + conn + + op == :| && scopes -- token.scopes != scopes -> + conn + + op == :& && scopes -- token.scopes == [] -> + conn + + options[:fallback] == :proceed_unauthenticated -> + conn + |> assign(:user, nil) + |> assign(:token, nil) + + true -> + missing_scopes = scopes -- token.scopes + permissions = Enum.join(missing_scopes, " #{op} ") + + error_message = + dgettext("errors", "Insufficient permissions: %{permissions}.", permissions: permissions) + + conn + |> put_resp_content_type("application/json") + |> send_resp(:forbidden, Jason.encode!(%{error: error_message})) + |> halt() end end end