X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fplugs%2Foauth_scopes_plug.ex;h=f2bfa2b1a7c9e3699fb6c97d841783ffce5b0d81;hb=5402d04e3cd2d45472092942fec2c9302c48f64f;hp=a81e298307a7963a9785d292e2cfcef8c1da957d;hpb=063baca5e4f3a100c0d45dffb14e4968599ef43b;p=akkoma

diff --git a/lib/pleroma/plugs/oauth_scopes_plug.ex b/lib/pleroma/plugs/oauth_scopes_plug.ex
index a81e29830..f2bfa2b1a 100644
--- a/lib/pleroma/plugs/oauth_scopes_plug.ex
+++ b/lib/pleroma/plugs/oauth_scopes_plug.ex
@@ -7,22 +7,35 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
 
   @behaviour Plug
 
-  def init(%{required_scopes: _} = options), do: options
+  def init(%{scopes: _} = options), do: options
 
-  def call(%Plug.Conn{assigns: assigns} = conn, %{required_scopes: required_scopes}) do
+  def call(%Plug.Conn{assigns: assigns} = conn, %{scopes: scopes} = options) do
+    op = options[:op] || :|
     token = assigns[:token]
-    granted_scopes = token && token.scopes
-
-    if is_nil(token) || required_scopes -- granted_scopes == [] do
-      conn
-    else
-      missing_scopes = required_scopes -- granted_scopes
-      error_message = "Insufficient permissions: #{Enum.join(missing_scopes, ", ")}."
-
-      conn
-      |> put_resp_content_type("application/json")
-      |> send_resp(403, Jason.encode!(%{error: error_message}))
-      |> halt()
+
+    cond do
+      is_nil(token) ->
+        conn
+
+      op == :| && scopes -- token.scopes != scopes ->
+        conn
+
+      op == :& && scopes -- token.scopes == [] ->
+        conn
+
+      options[:fallback] == :proceed_unauthenticated ->
+        conn
+        |> assign(:user, nil)
+        |> assign(:token, nil)
+
+      true ->
+        missing_scopes = scopes -- token.scopes
+        error_message = "Insufficient permissions: #{Enum.join(missing_scopes, " #{op} ")}."
+
+        conn
+        |> put_resp_content_type("application/json")
+        |> send_resp(403, Jason.encode!(%{error: error_message}))
+        |> halt()
     end
   end
 end