Make backups require its own scope
This commit is contained in:
parent
b2ba307f4d
commit
a7f01ffc1d
2 changed files with 3 additions and 3 deletions
|
@ -9,7 +9,7 @@ defmodule Pleroma.Web.PleromaAPI.BackupController do
|
|||
alias Pleroma.Web.Plugs.OAuthScopesPlug
|
||||
|
||||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
||||
plug(OAuthScopesPlug, %{scopes: ["read:accounts"]} when action in [:index, :create])
|
||||
plug(OAuthScopesPlug, %{scopes: ["read:backups"]} when action in [:index, :create])
|
||||
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
||||
|
||||
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.PleromaBackupOperation
|
||||
|
|
|
@ -11,7 +11,7 @@ defmodule Pleroma.Web.PleromaAPI.BackupControllerTest do
|
|||
setup do
|
||||
clear_config([Pleroma.Upload, :uploader])
|
||||
clear_config([Backup, :limit_days])
|
||||
oauth_access(["read:accounts"])
|
||||
oauth_access(["read:backups"])
|
||||
end
|
||||
|
||||
test "GET /api/v1/pleroma/backups", %{user: user, conn: conn} do
|
||||
|
@ -85,7 +85,7 @@ test "POST /api/v1/pleroma/backups", %{user: _user, conn: conn} do
|
|||
|
||||
test "Backup without email address" do
|
||||
user = Pleroma.Factory.insert(:user, email: nil)
|
||||
%{conn: conn} = oauth_access(["read:accounts"], user: user)
|
||||
%{conn: conn} = oauth_access(["read:backups"], user: user)
|
||||
|
||||
assert is_nil(user.email)
|
||||
|
||||
|
|
Loading…
Reference in a new issue