t/tetratto
1
0
Fork 0
Code Issues Pull requests Projects Releases 4 Packages Wiki Activity Actions

add: grant scopes for all community endpoints

Browse source
This commit is contained in:
trisua 2025-06-13 12:49:09 -04:00
parent ca8f510a3a
commit c3139ef1d2
10 changed files with 342 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

10
crates/app/src/routes/api/v1/communities/questions.rs
View file

@ -5,7 +5,9 @@ use axum::{
Extension, Json,
};
use axum_extra::extract::CookieJar;
use tetratto_core::model::{addr::RemoteAddr, auth::IpBlock, communities::Question, ApiReturn, Error};
use tetratto_core::model::{
addr::RemoteAddr, auth::IpBlock, communities::Question, ApiReturn, Error, oauth,
};
use crate::{get_user_from_token, routes::api::v1::CreateQuestion, State};
pub async fn create_request(
@ -15,7 +17,7 @@ pub async fn create_request(
Json(req): Json<CreateQuestion>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = get_user_from_token!(jar, data);
let user = get_user_from_token!(jar, data, oauth::AppScope::UserCreateQuestions);
if req.is_global && user.is_none() {
return Json(Error::NotAllowed.into());
@ -75,7 +77,7 @@ pub async fn delete_request(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserDeleteQuestions) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -96,7 +98,7 @@ pub async fn ip_block_request(
Path(id): Path<usize>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserCreateIpBlock) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};