Enforces of OAuth scopes check for authenticated API endpoints.
Adds :skip_plug plug to mark a plug explicitly skipped (disabled).
Solves the problem of potentially "forgotten" or incorrect OAuthScopesPlug calls which would result in security breaches. Some of the reasons such issue could happen:
- developer(s) could be unaware of (hopefully not) or forget to define
OAuthScopesPlugcall for specific action - action was moved to another controller (and
OAuthScopesPlugnot propagated) - action was renamed (with
OAuthScopesPlugcall's guard clause unmodified)
With this MR an automatic check whether OAuthScopesPlug was either called or explicitly skipped (via :skip_plug plug) is performed. If the check is failed, HTTP 403 is returned.