Merge branch 'fix-admin-api-scope' into 'develop'

[akkoma] / lib / pleroma / plugs / user_is_admin_plug.ex

diff --git a/lib/pleroma/plugs/user_is_admin_plug.ex b/lib/pleroma/plugs/user_is_admin_plug.ex
index 582fb1f9275ca6babdf930f0abc3a0225206cc15..3190163d3b6b172579dfb6f8a1ff725a7e059570 100644 (file)
--- a/lib/pleroma/plugs/user_is_admin_plug.ex
+++ b/lib/pleroma/plugs/user_is_admin_plug.ex
@@ -23,6 +23,7 @@ defmodule Pleroma.Plugs.UserIsAdminPlug do
       token && OAuth.Scopes.contains_admin_scopes?(token.scopes) ->
         # Note: checking for _any_ admin scope presence, not necessarily fitting requested action.
         #   Thus, controller must explicitly invoke OAuthScopesPlug to verify scope requirements.
+        #   Admin might opt out of admin scope for some apps to block any admin actions from them.
         conn
 
       true ->