mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-12-26 14:06:16 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

enforce scopes

Browse source
This commit is contained in:
tobi 2025-02-25 14:21:44 +01:00
commit 21d9edac54
191 changed files with 1473 additions and 648 deletions
Download patch file Download diff file Expand all files Collapse all files

11
internal/api/client/accounts/accountdelete.go
View file

@ -65,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountDeletePOSTHandler(c *gin.Context) {
authed, err := apiutil.TokenAuth(c, true, true, true, true)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
authed, errWithCode := apiutil.TokenAuth(c,
true, true, true, true,
apiutil.ScopeWriteAccounts,
)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@ -79,7 +82,7 @@ func (m *Module) AccountDeletePOSTHandler(c *gin.Context) {
// Self account delete requires password to ensure it's for real.
if form.Password == "" {
err = errors.New("no password provided in account delete request")
err := errors.New("no password provided in account delete request")
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
return
}