mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-12-24 16:46:21 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

enforce scopes

Browse source
This commit is contained in:
tobi 2025-02-25 14:21:44 +01:00
commit 21d9edac54
191 changed files with 1473 additions and 648 deletions
Download patch file Download diff file Expand all files Collapse all files

11
internal/api/client/lists/listupdate.go
View file

@ -102,9 +102,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ListUpdatePUTHandler(c *gin.Context) {
authed, err := apiutil.TokenAuth(c, true, true, true, true)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
authed, errWithCode := apiutil.TokenAuth(c,
true, true, true, true,
apiutil.ScopeWriteLists,
)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@ -151,7 +154,7 @@ func (m *Module) ListUpdatePUTHandler(c *gin.Context) {
}
if form.Title == nil && repliesPolicy == nil && form.Exclusive == nil {
err = errors.New("neither title nor replies_policy nor exclusive was set; nothing to update")
err := errors.New("neither title nor replies_policy nor exclusive was set; nothing to update")
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
return
}