diff options
Diffstat (limited to 'internal/api/client/admin/domainpermission.go')
| -rw-r--r-- | internal/api/client/admin/domainpermission.go | 70 |
1 files changed, 57 insertions, 13 deletions
diff --git a/internal/api/client/admin/domainpermission.go b/internal/api/client/admin/domainpermission.go index 5138be898..c64c90eb2 100644 --- a/internal/api/client/admin/domainpermission.go +++ b/internal/api/client/admin/domainpermission.go @@ -29,7 +29,6 @@ import ( apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) type singleDomainPermCreate func( @@ -63,9 +62,20 @@ func (m *Module) createDomainPermissions( single singleDomainPermCreate, multi multiDomainPermCreate, ) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + // Scope differs based on permType. + var requireScope apiutil.Scope + if permType == gtsmodel.DomainPermissionBlock { + requireScope = apiutil.ScopeAdminWriteDomainBlocks + } else { + requireScope = apiutil.ScopeAdminWriteDomainAllows + } + + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + requireScope, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } @@ -98,6 +108,7 @@ func (m *Module) createDomainPermissions( return } + var err error if importing && form.Domains.Size == 0 { err = errors.New("import was specified but list of domains is empty") } else if !importing && form.Domain == "" { @@ -171,9 +182,20 @@ func (m *Module) deleteDomainPermission( c *gin.Context, permType gtsmodel.DomainPermissionType, // block/allow ) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + // Scope differs based on permType. + var requireScope apiutil.Scope + if permType == gtsmodel.DomainPermissionBlock { + requireScope = apiutil.ScopeAdminWriteDomainBlocks + } else { + requireScope = apiutil.ScopeAdminWriteDomainAllows + } + + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + requireScope, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } @@ -218,9 +240,20 @@ func (m *Module) getDomainPermission( c *gin.Context, permType gtsmodel.DomainPermissionType, ) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + // Scope differs based on permType. + var requireScope apiutil.Scope + if permType == gtsmodel.DomainPermissionBlock { + requireScope = apiutil.ScopeAdminReadDomainBlocks + } else { + requireScope = apiutil.ScopeAdminReadDomainAllows + } + + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + requireScope, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } @@ -266,9 +299,20 @@ func (m *Module) getDomainPermissions( c *gin.Context, permType gtsmodel.DomainPermissionType, ) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + // Scope differs based on permType. + var requireScope apiutil.Scope + if permType == gtsmodel.DomainPermissionBlock { + requireScope = apiutil.ScopeAdminReadDomainBlocks + } else { + requireScope = apiutil.ScopeAdminReadDomainAllows + } + + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + requireScope, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } |