Make backups require its own scope

2022-08-09 00:34:04 -04:00 · 2022-08-09 00:34:04 -04:00 · a7f01ffc1d
parent b2ba307f4d
commit a7f01ffc1d
2 changed files with 3 additions and 3 deletions
--- a/lib/pleroma/web/pleroma_api/controllers/backup_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/backup_controller.ex
@ -9,7 +9,7 @@ defmodule Pleroma.Web.PleromaAPI.BackupController do
  alias Pleroma.Web.Plugs.OAuthScopesPlug
  action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
-  plug(OAuthScopesPlug, %{scopes: ["read:accounts"]} when action in [:index, :create])
+  plug(OAuthScopesPlug, %{scopes: ["read:backups"]} when action in [:index, :create])
  plug(Pleroma.Web.ApiSpec.CastAndValidate)
  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.PleromaBackupOperation
--- a/test/pleroma/web/pleroma_api/controllers/backup_controller_test.exs
+++ b/test/pleroma/web/pleroma_api/controllers/backup_controller_test.exs
@ -11,7 +11,7 @@ defmodule Pleroma.Web.PleromaAPI.BackupControllerTest do
  setup do
    clear_config([Pleroma.Upload, :uploader])
    clear_config([Backup, :limit_days])
-    oauth_access(["read:accounts"])
+    oauth_access(["read:backups"])
  end
  test "GET /api/v1/pleroma/backups", %{user: user, conn: conn} do
@ -85,7 +85,7 @@ test "POST /api/v1/pleroma/backups", %{user: _user, conn: conn} do
  test "Backup without email address" do
    user = Pleroma.Factory.insert(:user, email: nil)
-    %{conn: conn} = oauth_access(["read:accounts"], user: user)
+    %{conn: conn} = oauth_access(["read:backups"], user: user)
    assert is_nil(user.email)