mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-12-24 16:16:26 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

enforce scopes

Browse source
This commit is contained in:
tobi 2025-02-25 14:21:44 +01:00
commit 21d9edac54
191 changed files with 1473 additions and 648 deletions
Download patch file Download diff file Expand all files Collapse all files

13
internal/api/client/import/import.go
View file

@ -108,7 +108,7 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
//
// security:
// - OAuth2 Bearer:
// - write:accounts
// - write
//
// responses:
// '202':
@ -122,9 +122,12 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
// '500':
// description: internal server error
func (m *Module) ImportPOSTHandler(c *gin.Context) {
authed, err := apiutil.TokenAuth(c, true, true, true, true)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
authed, errWithCode := apiutil.TokenAuth(c,
true, true, true, true,
apiutil.ScopeWrite,
)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@ -178,7 +181,7 @@ func (m *Module) ImportPOSTHandler(c *gin.Context) {
overwrite := form.Mode == "overwrite"
// Trigger the import.
errWithCode := m.processor.Account().ImportData(
errWithCode = m.processor.Account().ImportData(
c.Request.Context(),
authed.Account,
form.Data,