From c99b89f780f9d561ac0fbc2acf61291006396071 Mon Sep 17 00:00:00 2001
From: Vyr Cossont <vyr@noreply.codeberg.org>
Date: Mon, 13 Oct 2025 19:15:24 +0200
Subject: [feature] granular admin scopes for custom emojis (#4489)

This PR adds admin equivalents of the `read:custom_emojis` OAuth scope: `admin:read:custom_emojis` and `admin:write:custom_emojis`.

This is so tools which only touch emojis can run without other admin permissions. (`slurp emojis import` is one such tool.)

I've also sorted the admin section of the scopes lists alphabetically like the non-admin section, and updated the Swagger test script to print the same command path that it actually runs.

## API compatibility

Neither [Mastodon](https://docs.joinmastodon.org/api/oauth-scopes/) nor Akkoma nor Iceshrimp.NET has an equivalent scope, so there are no alternate scope names to worry about.

Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4489
Co-authored-by: Vyr Cossont <vyr@noreply.codeberg.org>
Co-committed-by: Vyr Cossont <vyr@noreply.codeberg.org>
---
 docs/api/swagger.yaml | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

(limited to 'docs/api')

diff --git a/docs/api/swagger.yaml b/docs/api/swagger.yaml
index 7de635d1e..3454364a1 100644
--- a/docs/api/swagger.yaml
+++ b/docs/api/swagger.yaml
@@ -3849,11 +3849,13 @@ info:
         admin: grants admin access to everything
         admin:read: grants admin read access to everything
         admin:read:accounts: grants admin read access to accounts
+        admin:read:custom_emojis: grants admin read access to custom emojis
         admin:read:domain_allows: grants admin read access to domain_allows
         admin:read:domain_blocks: grants admin read access to domain_blocks
         admin:read:reports: grants admin read access to reports
         admin:write: grants admin write access to everything
         admin:write:accounts: grants write read access to accounts
+        admin:write:custom_emojis: grants admin write access to custom emojis
         admin:write:domain_allows: grants admin write access to domain_allows
         admin:write:domain_blocks: grants write read access to domain_blocks
         admin:write:reports: grants admin write access to reports
@@ -5551,7 +5553,7 @@ paths:
                     description: internal server error
             security:
                 - OAuth2 Bearer:
-                    - admin:read
+                    - admin:read:custom_emojis
             summary: View local and remote emojis available to / known by this instance.
             tags:
                 - admin
@@ -5598,7 +5600,7 @@ paths:
                     description: internal server error
             security:
                 - OAuth2 Bearer:
-                    - admin:write
+                    - admin:write:custom_emojis
             summary: Upload and create a new instance emoji.
             tags:
                 - admin
@@ -5638,7 +5640,7 @@ paths:
                     description: internal server error
             security:
                 - OAuth2 Bearer:
-                    - admin:write
+                    - admin:write:custom_emojis
             summary: Delete a **local** emoji with the given ID from the instance.
             tags:
                 - admin
@@ -5671,7 +5673,7 @@ paths:
                     description: internal server error
             security:
                 - OAuth2 Bearer:
-                    - admin:read
+                    - admin:read:custom_emojis
             summary: Get the admin view of a single emoji.
             tags:
                 - admin
@@ -5743,7 +5745,7 @@ paths:
                     description: internal server error
             security:
                 - OAuth2 Bearer:
-                    - admin:write
+                    - admin:write:custom_emojis
             summary: Perform admin action on a local or remote emoji known to this instance.
             tags:
                 - admin
@@ -5773,7 +5775,7 @@ paths:
                     description: internal server error
             security:
                 - OAuth2 Bearer:
-                    - admin:read
+                    - admin:read:custom_emojis
             summary: Get a list of existing emoji categories.
             tags:
                 - admin
@@ -13933,13 +13935,15 @@ securityDefinitions:
             admin: grants admin access to everything
             admin:read: grants admin read access to everything
             admin:read:accounts: grants admin read access to accounts
-            admin:read:domain_allows: grants admin read access to domain_allows
-            admin:read:domain_blocks: grants admin read access to domain_blocks
+            admin:read:custom_emojis: grants admin read access to custom emojis
+            admin:read:domain_allows: grants admin read access to domain allows
+            admin:read:domain_blocks: grants admin read access to domain blocks
             admin:read:reports: grants admin read access to reports
             admin:write: grants admin write access to everything
             admin:write:accounts: grants write read access to accounts
-            admin:write:domain_allows: grants admin write access to domain_allows
-            admin:write:domain_blocks: grants write read access to domain_blocks
+            admin:write:custom_emojis: grants admin write access to custom emojis
+            admin:write:domain_allows: grants admin write access to domain allows
+            admin:write:domain_blocks: grants write read access to domain blocks
             admin:write:reports: grants admin write access to reports
             profile: grants read access to verify_credentials
             push: grants read/write access to push
-- 
cgit v1.2.3