add: grant scopes for all community endpoints

crates/app/src/routes/api/v1/communities/images.rs

@@ -2,7 +2,7 @@ use axum::{Extension, Json, body::Body, extract::Path, response::IntoResponse};
 use axum_extra::extract::CookieJar;
 use pathbufd::{PathBufD, pathd};
 use std::fs::exists;
-use tetratto_core::model::{ApiReturn, Error, permissions::FinePermission};
+use tetratto_core::model::{ApiReturn, Error, permissions::FinePermission, oauth};
 
 use crate::{
     State,
@@ -110,7 +110,7 @@ pub async fn upload_avatar_request(
 ) -> impl IntoResponse {
     // get user from token
     let data = &(data.read().await).0;
-    let auth_user = match get_user_from_token!(jar, data) {
+    let auth_user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityManage) {
         Some(ua) => ua,
         None => return Json(Error::NotAllowed.into()),
     };
@@ -165,7 +165,7 @@ pub async fn upload_banner_request(
 ) -> impl IntoResponse {
     // get user from token
     let data = &(data.read().await).0;
-    let auth_user = match get_user_from_token!(jar, data) {
+    let auth_user = match get_user_from_token!(jar, data, oauth::AppScope::CommunityManage) {
         Some(ua) => ua,
         None => return Json(Error::NotAllowed.into()),
     };