can :create, Message if scopes.include?("send_messages")
if user.terms_agreed?
- can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scopes.include?("write_api")
- can :create, ChangesetComment if scopes.include?("write_api")
- can [:create, :update, :destroy], [Node, Way, Relation] if scopes.include?("write_api")
+ can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scopes.include?("write_map")
+ can :create, ChangesetComment if scopes.include?("write_changeset_comments")
+ can [:create, :update, :destroy], [Node, Way, Relation] if scopes.include?("write_map")
end
if user.moderator?
- can [:destroy, :restore], ChangesetComment if scopes.include?("write_api")
+ can [:destroy, :restore], ChangesetComment if scopes.include?("write_changeset_comments")
can :destroy, Note if scopes.include?("write_notes")
if doorkeeper_token&.accessible?
user = User.find(doorkeeper_token.resource_owner_id)
scopes = Set.new doorkeeper_token.scopes
+ if scopes.include?("write_api")
+ scopes.add("write_map")
+ scopes.add("write_changeset_comments")
+ scopes.delete("write_api")
+ end
ApiAbility.new(user, scopes)
else
ApiAbility.new(nil, Set.new)
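Review bot: The `write_api` expansion in this `if scopes.include?("write_api")` block is the only place the legacy scope is translated, and nothing here says that `write_map` is an internal name. The Oauth::SCOPES hunk still lists `write_api` and adds `write_changeset_comments` but never `write_map`, while the ApiAbility hunks now check only `write_map` and `write_changeset_comments`. Any other caller that builds an ApiAbility from raw token scopes would therefore silently lose map and comment rights; whether such callers exist is not visible from this diff. I would add a comment above the block such as `# Legacy alias: write_api grants write_map + write_changeset_comments; write_map is internal and not requestable`. It may also be worth moving the normalisation into ApiAbility so the mapping and the checks live together. The enclosing method starts and ends outside this hunk.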
url: Main Application URL (Required)
callback_url: Callback URL
support_url: Support URL
- allow_read_prefs: read their user preferences
+ allow_read_prefs: read their user preferences
allow_write_prefs: modify their user preferences
allow_write_diary: create diary entries and comments
- allow_write_api: modify the map
- allow_read_gpx: read their private GPS traces
- allow_write_gpx: upload GPS traces
+ allow_write_api: modify the map
+ allow_write_changeset_comments: comment on changesets
+ allow_read_gpx: read their private GPS traces
+ allow_write_gpx: upload GPS traces
allow_write_notes: modify notes
diary_comment:
body: "Body"
write_prefs: Modify user preferences
write_diary: Create diary entries and comments
write_api: Modify the map
+ write_changeset_comments: Comment on changesets
read_gpx: Read private GPS traces
write_gpx: Upload GPS traces
write_notes: Modify notes
module Oauth
SCOPES = %w[
read_prefs write_prefs write_diary
- write_api read_gpx write_gpx write_notes write_redactions
+ write_api write_changeset_comments read_gpx write_gpx write_notes write_redactions
consume_messages send_messages openid
].freeze
PRIVILEGED_SCOPES = %w[read_email skip_authorization].freeze
end
end
- test "as a normal user with write_api scope" do
+ test "as a normal user with write_changeset_comments scope" do
user = create(:user)
- scopes = Set.new %w[write_api]
+ scopes = Set.new %w[write_changeset_comments]
ability = ApiAbility.new user, scopes
[:destroy, :restore].each do |action|
end
end
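Review bot: Renaming this test replaces the `write_api` case instead of adding to it, so the visible test hunks do not pin the new privilege boundary. Nothing checks that `write_map` alone cannot act on ChangesetComment, or that a bare `write_api` set passed straight to ApiAbility no longer grants anything. I would add a sibling test with `scopes = Set.new %w[write_map]` asserting `ability.cannot? :create, ChangesetComment`, plus one covering the legacy-token expansion at the controller level. The same gap applies to the moderator test that follows. The assertion lines inside the `each` block are not shown in this hunk, so existing coverage may be broader than it appears here.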
- test "as a moderator with write_api scope" do
+ test "as a moderator with write_changeset_comments scope" do
user = create(:moderator_user)
- scopes = Set.new %w[write_api]
+ scopes = Set.new %w[write_changeset_comments]
ability = ApiAbility.new user, scopes
[:create, :destroy, :restore].each do |action|