From c99b89f780f9d561ac0fbc2acf61291006396071 Mon Sep 17 00:00:00 2001 From: Vyr Cossont Date: Mon, 13 Oct 2025 19:15:24 +0200 Subject: [feature] granular admin scopes for custom emojis (#4489) This PR adds admin equivalents of the `read:custom_emojis` OAuth scope: `admin:read:custom_emojis` and `admin:write:custom_emojis`. This is so tools which only touch emojis can run without other admin permissions. (`slurp emojis import` is one such tool.) I've also sorted the admin section of the scopes lists alphabetically like the non-admin section, and updated the Swagger test script to print the same command path that it actually runs. ## API compatibility Neither [Mastodon](https://docs.joinmastodon.org/api/oauth-scopes/) nor Akkoma nor Iceshrimp.NET has an equivalent scope, so there are no alternate scope names to worry about. Co-authored-by: tobi Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4489 Co-authored-by: Vyr Cossont Co-committed-by: Vyr Cossont --- internal/api/util/scopes.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'internal/api/util/scopes.go') diff --git a/internal/api/util/scopes.go b/internal/api/util/scopes.go index 492fa9dad..13e547286 100644 --- a/internal/api/util/scopes.go +++ b/internal/api/util/scopes.go @@ -86,12 +86,14 @@ const ( ScopeWriteStatuses Scope = ScopeWrite + ":" + scopeStatuses ScopeAdminReadAccounts Scope = ScopeAdminRead + ":" + scopeAccounts ScopeAdminWriteAccounts Scope = ScopeAdminWrite + ":" + scopeAccounts - ScopeAdminReadReports Scope = ScopeAdminRead + ":" + scopeReports - ScopeAdminWriteReports Scope = ScopeAdminWrite + ":" + scopeReports + ScopeAdminReadCustomEmojis Scope = ScopeAdminRead + ":" + scopeCustomEmojis + ScopeAdminWriteCustomEmojis Scope = ScopeAdminWrite + ":" + scopeCustomEmojis ScopeAdminReadDomainAllows Scope = ScopeAdminRead + ":" + scopeDomainAllows ScopeAdminWriteDomainAllows Scope = ScopeAdminWrite + ":" + scopeDomainAllows ScopeAdminReadDomainBlocks Scope = ScopeAdminRead + ":" + scopeDomainBlocks ScopeAdminWriteDomainBlocks Scope = ScopeAdminWrite + ":" + scopeDomainBlocks + ScopeAdminReadReports Scope = ScopeAdminRead + ":" + scopeReports + ScopeAdminWriteReports Scope = ScopeAdminWrite + ":" + scopeReports ) // Permits returns true if the -- cgit v1.2.3