Added 'admin' & 'push' OAuth scopes #301

Closed

i1t wants to merge 3 commits from gitlab-mr-iid-69 into develop

pull from: gitlab-mr-iid-69

merge into: pleroma:develop

pleroma:coverage-stable

pleroma:gitlab-mr-iid-332

pleroma:renovate/sass-1.x

pleroma:gitlab-mr-iid-330

pleroma:renovate/babel-eslint-replacement

pleroma:gitlab-mr-iid-337

pleroma:renovate/autoprefixer-10.x

pleroma:gitlab-mr-iid-294

pleroma:renovate/babel-monorepo

pleroma:gitlab-mr-iid-320

pleroma:renovate/babel-loader-8.x

pleroma:gitlab-mr-iid-340

pleroma:remove-workers

pleroma:develop

pleroma:gitlab-mr-iid-339

pleroma:gitlab-mr-iid-307

pleroma:renovate/vue-test-utils-2.x

pleroma:gitlab-mr-iid-338

pleroma:renovate/element-ui-2.x

pleroma:gitlab-mr-iid-309

pleroma:gitlab-mr-iid-310

pleroma:gitlab-mr-iid-334

pleroma:gitlab-mr-iid-230

pleroma:renovate/vue-monorepo

pleroma:gitlab-mr-iid-336

pleroma:gitlab-mr-iid-335

pleroma:release/2.6

pleroma:gitlab-mr-iid-333

pleroma:gitlab-mr-iid-331

pleroma:renovate/vue-test-utils-1.x

pleroma:gitlab-mr-iid-304

pleroma:gitlab-mr-iid-329

pleroma:gitlab-mr-iid-328

pleroma:renovate/vuex-3.x

pleroma:gitlab-mr-iid-327

pleroma:gitlab-mr-iid-326

pleroma:stable

pleroma:gitlab-mr-iid-282

pleroma:release/2.5.0

pleroma:gitlab-mr-iid-324

pleroma:gitlab-mr-iid-323

pleroma:gitlab-mr-iid-322

pleroma:gitlab-mr-iid-321

pleroma:gitlab-mr-iid-319

pleroma:gitlab-mr-iid-318

pleroma:gitlab-mr-iid-317

pleroma:gitlab-mr-iid-316

pleroma:gitlab-mr-iid-315

pleroma:gitlab-mr-iid-313

pleroma:gitlab-mr-iid-314

pleroma:gitlab-mr-iid-312

pleroma:gitlab-mr-iid-311

pleroma:gitlab-mr-iid-305

pleroma:gitlab-mr-iid-258

pleroma:gitlab-mr-iid-306

pleroma:gitlab-mr-iid-308

pleroma:gitlab-mr-iid-303

pleroma:gitlab-mr-iid-302

pleroma:gitlab-mr-iid-301

pleroma:gitlab-mr-iid-300

pleroma:gitlab-mr-iid-299

pleroma:gitlab-mr-iid-298

pleroma:gitlab-mr-iid-277

pleroma:gitlab-mr-iid-297

pleroma:gitlab-mr-iid-255

pleroma:gitlab-mr-iid-296

pleroma:gitlab-mr-iid-295

pleroma:gitlab-mr-iid-285

pleroma:gitlab-mr-iid-288

pleroma:gitlab-mr-iid-248

pleroma:gitlab-mr-iid-293

pleroma:gitlab-mr-iid-292

pleroma:gitlab-mr-iid-291

pleroma:gitlab-mr-iid-290

pleroma:gitlab-mr-iid-275

pleroma:gitlab-mr-iid-270

pleroma:gitlab-mr-iid-269

pleroma:gitlab-mr-iid-289

pleroma:gitlab-mr-iid-286

pleroma:gitlab-mr-iid-287

pleroma:gitlab-mr-iid-256

pleroma:gitlab-mr-iid-209

pleroma:gitlab-mr-iid-284

pleroma:gitlab-mr-iid-194

pleroma:gitlab-mr-iid-283

pleroma:gitlab-mr-iid-281

pleroma:gitlab-mr-iid-280

pleroma:gitlab-mr-iid-279

pleroma:gitlab-mr-iid-278

pleroma:gitlab-mr-iid-276

pleroma:gitlab-mr-iid-274

pleroma:gitlab-mr-iid-273

pleroma:gitlab-mr-iid-272

pleroma:gitlab-mr-iid-271

pleroma:gitlab-mr-iid-268

pleroma:gitlab-mr-iid-267

pleroma:gitlab-mr-iid-266

pleroma:gitlab-mr-iid-260

pleroma:gitlab-mr-iid-262

pleroma:gitlab-mr-iid-264

pleroma:gitlab-mr-iid-263

pleroma:gitlab-mr-iid-261

pleroma:gitlab-mr-iid-265

pleroma:gitlab-mr-iid-259

pleroma:gitlab-mr-iid-257

pleroma:gitlab-mr-iid-254

pleroma:gitlab-mr-iid-253

pleroma:gitlab-mr-iid-251

pleroma:gitlab-mr-iid-252

pleroma:gitlab-mr-iid-250

pleroma:gitlab-mr-iid-249

pleroma:gitlab-mr-iid-247

pleroma:gitlab-mr-iid-246

pleroma:gitlab-mr-iid-245

pleroma:gitlab-mr-iid-244

pleroma:gitlab-mr-iid-243

pleroma:gitlab-mr-iid-242

pleroma:gitlab-mr-iid-241

pleroma:gitlab-mr-iid-236

pleroma:gitlab-mr-iid-240

pleroma:gitlab-mr-iid-216

pleroma:gitlab-mr-iid-239

pleroma:gitlab-mr-iid-238

pleroma:gitlab-mr-iid-237

pleroma:gitlab-mr-iid-235

pleroma:gitlab-mr-iid-234

pleroma:gitlab-mr-iid-233

pleroma:gitlab-mr-iid-232

pleroma:gitlab-mr-iid-231

pleroma:gitlab-mr-iid-229

pleroma:gitlab-mr-iid-228

pleroma:gitlab-mr-iid-227

pleroma:gitlab-mr-iid-226

pleroma:gitlab-mr-iid-225

pleroma:gitlab-mr-iid-224

pleroma:gitlab-mr-iid-217

pleroma:gitlab-mr-iid-223

pleroma:gitlab-mr-iid-221

pleroma:gitlab-mr-iid-222

pleroma:gitlab-mr-iid-220

pleroma:gitlab-mr-iid-219

pleroma:gitlab-mr-iid-213

pleroma:gitlab-mr-iid-212

pleroma:gitlab-mr-iid-218

pleroma:gitlab-mr-iid-215

pleroma:gitlab-mr-iid-214

pleroma:gitlab-mr-iid-211

pleroma:gitlab-mr-iid-210

pleroma:gitlab-mr-iid-207

pleroma:gitlab-mr-iid-208

pleroma:gitlab-mr-iid-206

pleroma:gitlab-mr-iid-205

pleroma:gitlab-mr-base-iid-208

pleroma:feature/dynamic-settings-rendering

pleroma:gitlab-mr-iid-203

pleroma:gitlab-mr-iid-204

pleroma:feature/render-settings-dynamically

pleroma:feature/fetchs-list-of-tabs

pleroma:gitlab-mr-iid-202

pleroma:gitlab-mr-iid-195

pleroma:gitlab-mr-iid-197

pleroma:feature/post-pagination

pleroma:gitlab-mr-iid-196

pleroma:gitlab-mr-iid-190

pleroma:feature/ability-to-add-custom-tags

pleroma:gitlab-mr-iid-188

pleroma:feature/settings-rollback

pleroma:gitlab-mr-iid-182

pleroma:gitlab-mr-iid-201

pleroma:gitlab-mr-iid-200

pleroma:gitlab-mr-iid-199

pleroma:gitlab-mr-iid-198

pleroma:gitlab-mr-iid-193

pleroma:gitlab-mr-iid-192

pleroma:gitlab-mr-iid-191

pleroma:gitlab-mr-iid-187

pleroma:gitlab-mr-iid-189

pleroma:gitlab-mr-iid-186

pleroma:gitlab-mr-iid-185

pleroma:gitlab-mr-iid-184

pleroma:feature/media-preview-proxy

pleroma:gitlab-mr-iid-183

pleroma:gitlab-mr-iid-181

pleroma:revert-fd9f0542

pleroma:feature/add-metrics-exporter-settings

pleroma:gitlab-mr-iid-165

pleroma:gitlab-mr-iid-180

pleroma:gitlab-mr-iid-179

pleroma:gitlab-mr-iid-169

pleroma:gitlab-mr-iid-171

pleroma:gitlab-mr-iid-178

pleroma:gitlab-mr-iid-177

pleroma:gitlab-mr-iid-176

pleroma:gitlab-mr-iid-175

pleroma:gitlab-mr-iid-159

pleroma:gitlab-mr-iid-174

pleroma:gitlab-mr-iid-173

pleroma:gitlab-mr-iid-172

pleroma:gitlab-mr-iid-170

pleroma:gitlab-mr-iid-167

pleroma:gitlab-mr-iid-168

pleroma:gitlab-mr-iid-166

pleroma:gitlab-mr-iid-164

pleroma:gitlab-mr-base-iid-183

pleroma:gitlab-mr-iid-163

pleroma:gitlab-mr-iid-162

pleroma:gitlab-mr-iid-161

pleroma:gitlab-mr-iid-160

pleroma:feature/update-styles

pleroma:gitlab-mr-iid-158

pleroma:gitlab-mr-iid-157

pleroma:gitlab-mr-iid-156

pleroma:gitlab-mr-iid-155

pleroma:gitlab-mr-iid-154

pleroma:gitlab-mr-iid-151

pleroma:gitlab-mr-iid-147

pleroma:gitlab-mr-iid-153

pleroma:gitlab-mr-iid-152

pleroma:gitlab-mr-iid-150

pleroma:gitlab-mr-iid-149

pleroma:gitlab-mr-iid-148

pleroma:gitlab-mr-iid-142

pleroma:gitlab-mr-iid-146

pleroma:gitlab-mr-iid-145

pleroma:gitlab-mr-iid-144

pleroma:gitlab-mr-iid-143

pleroma:gitlab-mr-iid-141

pleroma:gitlab-mr-iid-140

pleroma:gitlab-mr-iid-139

pleroma:gitlab-mr-iid-137

pleroma:gitlab-mr-iid-138

pleroma:gitlab-mr-iid-136

pleroma:gitlab-mr-iid-133

pleroma:gitlab-mr-iid-134

pleroma:gitlab-mr-iid-135

pleroma:gitlab-mr-iid-126

pleroma:gitlab-mr-iid-132

pleroma:gitlab-mr-iid-120

pleroma:gitlab-mr-iid-131

pleroma:gitlab-mr-iid-130

pleroma:gitlab-mr-iid-129

pleroma:gitlab-mr-iid-128

pleroma:gitlab-mr-iid-127

pleroma:gitlab-mr-iid-125

pleroma:gitlab-mr-iid-124

pleroma:gitlab-mr-iid-123

pleroma:gitlab-mr-iid-121

pleroma:gitlab-mr-iid-122

pleroma:gitlab-mr-iid-119

pleroma:gitlab-mr-base-iid-125

pleroma:gitlab-mr-iid-118

pleroma:gitlab-mr-iid-117

pleroma:gitlab-mr-base-iid-118

pleroma:gitlab-mr-iid-112

pleroma:gitlab-mr-iid-116

pleroma:gitlab-mr-iid-115

pleroma:gitlab-mr-iid-114

pleroma:gitlab-mr-iid-113

pleroma:gitlab-mr-base-iid-113

pleroma:gitlab-mr-base-iid-114

pleroma:gitlab-mr-base-iid-115

pleroma:gitlab-mr-base-iid-116

pleroma:gitlab-mr-iid-111

pleroma:gitlab-mr-iid-110

pleroma:gitlab-mr-iid-109

pleroma:gitlab-mr-iid-108

pleroma:gitlab-mr-iid-107

pleroma:gitlab-mr-iid-106

pleroma:gitlab-mr-iid-102

pleroma:gitlab-mr-iid-105

pleroma:gitlab-mr-iid-104

pleroma:gitlab-mr-iid-103

pleroma:gitlab-mr-iid-92

pleroma:gitlab-mr-iid-101

pleroma:gitlab-mr-iid-100

pleroma:gitlab-mr-iid-99

pleroma:gitlab-mr-iid-98

pleroma:gitlab-mr-iid-97

pleroma:gitlab-mr-iid-96

pleroma:gitlab-mr-iid-95

pleroma:gitlab-mr-iid-94

pleroma:gitlab-mr-iid-93

pleroma:gitlab-mr-iid-91

pleroma:gitlab-mr-iid-90

pleroma:gitlab-mr-iid-89

pleroma:gitlab-mr-iid-88

pleroma:gitlab-mr-iid-87

pleroma:gitlab-mr-iid-86

pleroma:gitlab-mr-iid-85

pleroma:gitlab-mr-iid-84

pleroma:gitlab-mr-iid-83

pleroma:gitlab-mr-iid-81

pleroma:gitlab-mr-iid-82

pleroma:gitlab-mr-iid-80

pleroma:gitlab-mr-iid-77

pleroma:gitlab-mr-iid-79

pleroma:gitlab-mr-iid-78

pleroma:gitlab-mr-iid-65

pleroma:gitlab-mr-iid-76

pleroma:gitlab-mr-iid-75

pleroma:gitlab-mr-iid-74

pleroma:gitlab-mr-iid-73

pleroma:gitlab-mr-iid-72

pleroma:gitlab-mr-iid-71

pleroma:gitlab-mr-iid-70

pleroma:gitlab-mr-iid-68

pleroma:gitlab-mr-iid-62

pleroma:gitlab-mr-iid-67

pleroma:gitlab-mr-iid-53

pleroma:gitlab-mr-base-iid-53

pleroma:gitlab-mr-iid-52

pleroma:gitlab-mr-iid-66

pleroma:gitlab-mr-base-iid-52

pleroma:gitlab-mr-iid-64

pleroma:gitlab-mr-iid-63

pleroma:gitlab-mr-base-iid-63

pleroma:gitlab-mr-base-iid-64

pleroma:gitlab-mr-iid-61

pleroma:gitlab-mr-base-iid-61

pleroma:gitlab-mr-iid-60

pleroma:gitlab-mr-base-iid-60

pleroma:gitlab-mr-iid-59

pleroma:gitlab-mr-base-iid-59

pleroma:gitlab-mr-iid-58

pleroma:gitlab-mr-base-iid-58

pleroma:gitlab-mr-iid-57

pleroma:gitlab-mr-base-iid-57

pleroma:gitlab-mr-iid-54

pleroma:gitlab-mr-base-iid-54

pleroma:gitlab-mr-iid-56

pleroma:gitlab-mr-base-iid-56

pleroma:gitlab-mr-iid-55

pleroma:gitlab-mr-base-iid-55

pleroma:gitlab-mr-iid-51

pleroma:gitlab-mr-iid-50

pleroma:gitlab-mr-base-iid-50

pleroma:gitlab-mr-base-iid-51

pleroma:gitlab-mr-iid-38

pleroma:gitlab-mr-base-iid-38

pleroma:gitlab-mr-iid-49

pleroma:gitlab-mr-base-iid-49

pleroma:gitlab-mr-iid-48

pleroma:gitlab-mr-base-iid-48

pleroma:gitlab-mr-iid-47

pleroma:gitlab-mr-base-iid-47

pleroma:gitlab-mr-iid-46

pleroma:gitlab-mr-base-iid-46

pleroma:gitlab-mr-iid-45

pleroma:gitlab-mr-base-iid-45

pleroma:gitlab-mr-iid-32

pleroma:gitlab-mr-base-iid-32

pleroma:gitlab-mr-iid-44

pleroma:gitlab-mr-base-iid-44

pleroma:gitlab-mr-iid-43

pleroma:gitlab-mr-base-iid-43

pleroma:gitlab-mr-iid-42

pleroma:gitlab-mr-iid-41

pleroma:gitlab-mr-base-iid-41

pleroma:gitlab-mr-base-iid-42

pleroma:gitlab-mr-iid-40

pleroma:gitlab-mr-base-iid-40

pleroma:gitlab-mr-iid-39

pleroma:gitlab-mr-base-iid-39

pleroma:gitlab-mr-iid-37

pleroma:gitlab-mr-base-iid-37

pleroma:gitlab-mr-iid-29

pleroma:gitlab-mr-base-iid-29

pleroma:gitlab-mr-iid-31

pleroma:gitlab-mr-base-iid-31

pleroma:gitlab-mr-iid-36

pleroma:gitlab-mr-base-iid-36

pleroma:gitlab-mr-iid-35

pleroma:gitlab-mr-base-iid-35

pleroma:gitlab-mr-iid-34

pleroma:gitlab-mr-base-iid-34

pleroma:gitlab-mr-iid-33

pleroma:gitlab-mr-base-iid-33

pleroma:gitlab-mr-iid-30

pleroma:gitlab-mr-iid-28

pleroma:gitlab-mr-base-iid-28

pleroma:gitlab-mr-base-iid-30

pleroma:gitlab-mr-iid-12

pleroma:gitlab-mr-base-iid-12

pleroma:gitlab-mr-iid-27

pleroma:gitlab-mr-base-iid-27

pleroma:gitlab-mr-iid-26

pleroma:gitlab-mr-iid-24

pleroma:gitlab-mr-iid-25

pleroma:gitlab-mr-base-iid-24

pleroma:gitlab-mr-base-iid-25

pleroma:gitlab-mr-base-iid-26

pleroma:gitlab-mr-iid-23

pleroma:gitlab-mr-base-iid-23

pleroma:gitlab-mr-iid-22

pleroma:gitlab-mr-base-iid-22

pleroma:gitlab-mr-iid-21

pleroma:gitlab-mr-base-iid-21

pleroma:gitlab-mr-iid-20

pleroma:gitlab-mr-base-iid-20

pleroma:gitlab-mr-iid-11

pleroma:gitlab-mr-iid-17

pleroma:gitlab-mr-iid-19

pleroma:gitlab-mr-base-iid-11

pleroma:gitlab-mr-base-iid-17

pleroma:gitlab-mr-base-iid-19

pleroma:gitlab-mr-iid-18

pleroma:gitlab-mr-base-iid-18

pleroma:gitlab-mr-iid-16

pleroma:gitlab-mr-base-iid-16

pleroma:gitlab-mr-iid-15

pleroma:gitlab-mr-base-iid-15

pleroma:gitlab-mr-iid-14

pleroma:gitlab-mr-base-iid-14

pleroma:gitlab-mr-iid-13

pleroma:gitlab-mr-base-iid-13

pleroma:gitlab-mr-iid-10

pleroma:gitlab-mr-base-iid-10

pleroma:gitlab-mr-iid-9

pleroma:gitlab-mr-base-iid-9

pleroma:gitlab-mr-iid-8

pleroma:gitlab-mr-base-iid-8

pleroma:gitlab-mr-iid-7

pleroma:gitlab-mr-base-iid-7

pleroma:gitlab-mr-iid-6

pleroma:gitlab-mr-iid-5

pleroma:gitlab-mr-base-iid-6

pleroma:gitlab-mr-iid-4

pleroma:gitlab-mr-base-iid-4

pleroma:gitlab-mr-iid-3

pleroma:gitlab-mr-base-iid-5

pleroma:gitlab-mr-iid-2

pleroma:gitlab-mr-base-iid-2

pleroma:gitlab-mr-base-iid-3

pleroma:gitlab-mr-iid-1

pleroma:gitlab-mr-base-iid-1

Conversation 12 Commits 3 Files changed 4 +4 -2

i1t commented 2019-12-07 14:53:48 +00:00

Member

Copy link

AdminFE support for pleroma/pleroma#5403

PleromaFE support for admin scope (required for "Login with PleromaFE" feature): pleroma/pleroma-fe#2291

Note: push scope is also added since it's a standard scope, and AdminFE should be full-featured. Open to removing it if there are arguments against it.

Note: disabled PleromaFE login feature since PleromaFE shouldn't request admin scope.

AdminFE support for https://git.pleroma.social/pleroma/pleroma/pulls/5403 PleromaFE support for `admin` scope (required for "Login with PleromaFE" feature): https://git.pleroma.social/pleroma/pleroma-fe/pulls/2291 Note: `push` scope is also added since it's a standard scope, and AdminFE should be full-featured. Open to removing it if there are arguments against it. Note: disabled PleromaFE login feature since PleromaFE shouldn't request admin scope.

maxf commented 2019-12-07 18:28:01 +00:00

Member

Copy link

It's a pity, since it was a handy feature :( Nothing to do, but delete it though, I guess. I'm ok with having push scope as well.

Could you please remove login feature altogether then, not just disable it?

It's a pity, since it was a handy feature :( Nothing to do, but delete it though, I guess. I'm ok with having `push` scope as well. Could you please remove login feature altogether then, not just disable it?

rinpatch commented 2019-12-07 19:18:30 +00:00

Member

Copy link

Note: disabled PleromaFE login feature since PleromaFE shouldn't request admin scope.

No it should, pleroma-fe has moderation features integrated into it

> Note: disabled PleromaFE login feature since PleromaFE shouldn't request admin scope. No it should, pleroma-fe has moderation features integrated into it

i1t commented 2019-12-07 19:19:41 +00:00

Author

Member

Copy link

@rinpatch, so I guess we add admin scope to PleromaFE and reenable PleromaFE login feature in AdminFE, correct?

@rinpatch, so I guess we add `admin` scope to PleromaFE and reenable PleromaFE login feature in AdminFE, correct?

rinpatch commented 2019-12-07 20:22:44 +00:00

Member

Copy link

yes

yes

i1t commented 2019-12-10 20:41:39 +00:00

Author

Member

Copy link

@rinpatch BE MR was merged, please merge this one.

@rinpatch BE MR was merged, please merge this one.

maxf commented 2019-12-10 20:50:14 +00:00

Member

Copy link

Don't merge it yet, it's not working locally for me

Don't merge it yet, it's not working locally for me

maxf commented 2019-12-10 20:51:02 +00:00

Member

Copy link

[error] #PID<0.869.0> running Pleroma.Web.Endpoint (connection #PID<0.862.0>, stream id 4) terminated
Server: localhost:4000 (http)
Request: GET /api/pleroma/admin/users?page=1&filters=
** (exit) an exception was raised:
    ** (FunctionClauseError) no function clause matching in String.starts_with?/2
        (elixir) lib/string.ex:1992: String.starts_with?(["read:accounts"], "read:")
        (elixir) lib/enum.ex:2948: Enum.find_list/3
        (elixir) lib/enum.ex:2934: Enum.filter_list/2
        (elixir) lib/enum.ex:2935: Enum.filter_list/2
        (pleroma) lib/pleroma/plugs/oauth_scopes_plug.ex:27: Pleroma.Plugs.OAuthScopesPlug.call/2
        (pleroma) lib/pleroma/web/admin_api/admin_api_controller.ex:5: Pleroma.Web.AdminAPI.AdminAPIController.phoenix_controller_pipeline/2
        (pleroma) lib/pleroma/web/endpoint.ex:5: Pleroma.Web.Endpoint.instrument/4
        (phoenix) lib/phoenix/router.ex:288: Phoenix.Router.__call__/2
        (pleroma) lib/pleroma/web/endpoint.ex:5: Pleroma.Web.Endpoint.plug_builder_call/2
        (pleroma) lib/plug/debugger.ex:122: Pleroma.Web.Endpoint."call (overridable 3)"/2
        (pleroma) lib/pleroma/web/endpoint.ex:5: Pleroma.Web.Endpoint.call/2
        (phoenix) lib/phoenix/endpoint/cowboy2_handler.ex:42: Phoenix.Endpoint.Cowboy2Handler.init/4
        (cowboy) /Users/max/Code/Pleroma/pleroma/deps/cowboy/src/cowboy_handler.erl:41: :cowboy_handler.execute/2
        (cowboy) /Users/max/Code/Pleroma/pleroma/deps/cowboy/src/cowboy_stream_h.erl:320: :cowboy_stream_h.execute/3
        (cowboy) /Users/max/Code/Pleroma/pleroma/deps/cowboy/src/cowboy_stream_h.erl:302: :cowboy_stream_h.request_process/3
        (stdlib) proc_lib.erl:249: :proc_lib.init_p_do_apply/3

``` [error] #PID<0.869.0> running Pleroma.Web.Endpoint (connection #PID<0.862.0>, stream id 4) terminated Server: localhost:4000 (http) Request: GET /api/pleroma/admin/users?page=1&filters= ** (exit) an exception was raised: ** (FunctionClauseError) no function clause matching in String.starts_with?/2 (elixir) lib/string.ex:1992: String.starts_with?(["read:accounts"], "read:") (elixir) lib/enum.ex:2948: Enum.find_list/3 (elixir) lib/enum.ex:2934: Enum.filter_list/2 (elixir) lib/enum.ex:2935: Enum.filter_list/2 (pleroma) lib/pleroma/plugs/oauth_scopes_plug.ex:27: Pleroma.Plugs.OAuthScopesPlug.call/2 (pleroma) lib/pleroma/web/admin_api/admin_api_controller.ex:5: Pleroma.Web.AdminAPI.AdminAPIController.phoenix_controller_pipeline/2 (pleroma) lib/pleroma/web/endpoint.ex:5: Pleroma.Web.Endpoint.instrument/4 (phoenix) lib/phoenix/router.ex:288: Phoenix.Router.__call__/2 (pleroma) lib/pleroma/web/endpoint.ex:5: Pleroma.Web.Endpoint.plug_builder_call/2 (pleroma) lib/plug/debugger.ex:122: Pleroma.Web.Endpoint."call (overridable 3)"/2 (pleroma) lib/pleroma/web/endpoint.ex:5: Pleroma.Web.Endpoint.call/2 (phoenix) lib/phoenix/endpoint/cowboy2_handler.ex:42: Phoenix.Endpoint.Cowboy2Handler.init/4 (cowboy) /Users/max/Code/Pleroma/pleroma/deps/cowboy/src/cowboy_handler.erl:41: :cowboy_handler.execute/2 (cowboy) /Users/max/Code/Pleroma/pleroma/deps/cowboy/src/cowboy_stream_h.erl:320: :cowboy_stream_h.execute/3 (cowboy) /Users/max/Code/Pleroma/pleroma/deps/cowboy/src/cowboy_stream_h.erl:302: :cowboy_stream_h.request_process/3 (stdlib) proc_lib.erl:249: :proc_lib.init_p_do_apply/3 ```

i1t commented 2019-12-11 08:58:28 +00:00

Author

Member

Copy link

@maxf, thanks for spotting this, the issue was caused by last-moment refactoring in BE MR, argh. Fixed in pleroma/pleroma#5431 (merged). Pl. retry with the latest develop branch (older, pre-pleroma/pleroma#5403 ones, will also work fine).

@maxf, thanks for spotting this, the issue was caused by last-moment refactoring in BE MR, argh. Fixed in https://git.pleroma.social/pleroma/pleroma/pulls/5431 (merged). Pl. retry with the latest develop branch (older, pre-https://git.pleroma.social/pleroma/pleroma/pulls/5403 ones, will also work fine).

maxf commented 2019-12-11 09:03:03 +00:00

Member

Copy link

Yep, everything works now

Yep, everything works now

i1t commented 2019-12-12 09:54:35 +00:00

Author

Member

Copy link

BE would currently reject any admin scope requested by a non-admin user. So, for moderation features, we should eiher:

• provide non-admin endpoints to access them and do extra checks in them (doesn't sound like the best option)

• provide a narrow moderation-specific admin scope (e.g. admin:moderation) and allow BE to grant those to non-admin users (confusing, seem wrong)

• make BE gracefully drop admin scopes for non-admin users (without raising an error on unsupported scopes being requested) — seems the best approach to me.

Your thoughts?

BE would currently reject any admin scope requested by a non-admin user. So, for moderation features, we should eiher: * provide non-admin endpoints to access them and do extra checks in them (doesn't sound like the best option) * provide a narrow moderation-specific admin scope (e.g. `admin:moderation`) and allow BE to grant those to non-admin users (confusing, seem wrong) * make BE gracefully drop admin scopes for non-admin users (without raising an error on unsupported scopes being requested) — seems the best approach to me. Your thoughts?

i1t commented 2019-12-12 10:33:30 +00:00

Author

Member

Copy link

@rinpatch What are the endpoints which moderation features use? We can consider using moderate scope for them (and always request it just like admin but silently reject such scopes on BE side if user is not moderator / is not admin).

@rinpatch What are the endpoints which moderation features use? We can consider using `moderate` scope for them (and always request it just like `admin` but silently reject such scopes on BE side if user is not moderator / is not admin).

rinpatch commented 2019-12-12 11:24:05 +00:00

Member

Copy link

@i1t

make BE gracefully drop admin scopes for non-admin users (without raising an error on unsupported scopes being requested) — seems the best approach to me.

Yes, this is what I think we should do as well

What are the endpoints which moderation features use? We can consider using moderate scope for them (and always request it just like admin but silently reject such scopes on BE side if user is not moderator / is not admin).

Let's discuss moving moderation features under moderation scope in a separate issue

@i1t > make BE gracefully drop admin scopes for non-admin users (without raising an error on unsupported scopes being requested) — seems the best approach to me. Yes, this is what I think we should do as well > What are the endpoints which moderation features use? We can consider using `moderate` scope for them (and always request it just like `admin` but silently reject such scopes on BE side if user is not moderator / is not admin). Let's discuss moving moderation features under moderation scope in a separate issue

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

blocked

  

stale

No labels

blocked

stale

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

3 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pleroma/admin-fe!301

No description provided.