From: Anton Khorev Date: Wed, 12 Feb 2025 16:32:14 +0000 (+0300) Subject: Add write_changeset_comments scope X-Git-Tag: live~158^2~1 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/2d46b44872350975245a8b8bd10595d7d2bdfd4d?ds=sidebyside;hp=-c Add write_changeset_comments scope
--- 2d46b44872350975245a8b8bd10595d7d2bdfd4d
diff --git a/app/abilities/api_ability.rb b/app/abilities/api_ability.rb
index c62f65368..a0340c5cd 100644
--- a/app/abilities/api_ability.rb
+++ b/app/abilities/api_ability.rb
@@ -31,13 +31,13 @@ class ApiAbility
 can :create, Message if scopes.include?("send_messages")
 if user.terms_agreed?
- can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scopes.include?("write_api")
- can :create, ChangesetComment if scopes.include?("write_api")
- can [:create, :update, :destroy], [Node, Way, Relation] if scopes.include?("write_api")
+ can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scopes.include?("write_map")
+ can :create, ChangesetComment if scopes.include?("write_changeset_comments")
+ can [:create, :update, :destroy], [Node, Way, Relation] if scopes.include?("write_map")
 end
 if user.moderator?
- can [:destroy, :restore], ChangesetComment if scopes.include?("write_api")
+ can [:destroy, :restore], ChangesetComment if scopes.include?("write_changeset_comments")
 can :destroy, Note if scopes.include?("write_notes")
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 86924d55d..bcd43a273 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
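Review bot: In app/abilities/api_ability.rb the class no longer grants anything for the string `write_api`; every write rule in this hunk on Changeset, ChangesetComment, Node, Way and Relation keys on `write_map` or `write_changeset_comments`, so the class is only correct when its caller has already translated the legacy scope. That fails closed, which is the safe direction, but nothing in the class says so; a comment above the `if user.terms_agreed?` block such as `# scopes must be normalized by the caller: write_api is expanded to write_map + write_changeset_comments before it gets here` would record the contract. `:subscribe` and `:unsubscribe` on Changeset also stay under `write_map`, so a comment-only token cannot manage discussion subscriptions; it is worth confirming that split is intended. The class body starts before the hunk and continues after it.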
@@ -67,6 +67,11 @@ class ApiController < ApplicationController
 if doorkeeper_token&.accessible?
 user = User.find(doorkeeper_token.resource_owner_id)
 scopes = Set.new doorkeeper_token.scopes
+ if scopes.include?("write_api")
+ scopes.add("write_map")
+ scopes.add("write_changeset_comments")
+ scopes.delete("write_api")
+ end
 ApiAbility.new(user, scopes)
 else
 ApiAbility.new(nil, Set.new)
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 9aabfc92a..5571a4232 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -87,12 +87,13 @@ en:
 url: Main Application URL (Required)
 callback_url: Callback URL
 support_url: Support URL
- allow_read_prefs: read their user preferences
+ allow_read_prefs: read their user preferences
 allow_write_prefs: modify their user preferences
 allow_write_diary: create diary entries and comments
- allow_write_api: modify the map
- allow_read_gpx: read their private GPS traces
- allow_write_gpx: upload GPS traces
+ allow_write_api: modify the map
+ allow_write_changeset_comments: comment on changesets
+ allow_read_gpx: read their private GPS traces
+ allow_write_gpx: upload GPS traces
 allow_write_notes: modify notes
 diary_comment:
 body: "Body"
@@ -2697,6 +2698,7 @@ en:
 write_prefs: Modify user preferences
 write_diary: Create diary entries and comments
 write_api: Modify the map
+ write_changeset_comments: Comment on changesets
 read_gpx: Read private GPS traces
 write_gpx: Upload GPS traces
 write_notes: Modify notes
diff --git a/lib/oauth.rb b/lib/oauth.rb
index 679c564a6..dfa3a8028 100644
--- a/lib/oauth.rb
+++ b/lib/oauth.rb
@@ -1,7 +1,7 @@
 module Oauth
 SCOPES = %w[
 read_prefs write_prefs write_diary
- write_api read_gpx write_gpx write_notes write_redactions
+ write_api write_changeset_comments read_gpx write_gpx write_notes write_redactions
 consume_messages send_messages openid
 ].freeze
 PRIVILEGED_SCOPES = %w[read_email skip_authorization].freeze
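Review bot: The scope rewrite added in app/controllers/api_controller.rb keeps `write_api` a superset: any token carrying it is given `write_changeset_comments` as well as `write_map`, so the new scope only narrows clients that request it on its own, and the consent string kept in config/locales/en.yml (`write_api: Modify the map`) still does not mention commenting. The mapping is also unexplained where it happens, and `write_map` is absent from both `SCOPES` and `PRIVILEGED_SCOPES` in the lib/oauth.rb hunk, so it exists only as an internal name produced here. A comment above the `if`, for example `# legacy write_api tokens keep map-edit and changeset-comment rights; write_map is internal and not listed in Oauth::SCOPES`, would make that explicit. The enclosing method starts before the hunk and ends after it; any other reader of `doorkeeper_token.scopes` outside this diff would presumably still see the raw `write_api` value.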
diff --git a/test/abilities/api_capability_test.rb b/test/abilities/api_capability_test.rb
index 0f69ddba9..58c8f7fe7 100644
--- a/test/abilities/api_capability_test.rb
+++ b/test/abilities/api_capability_test.rb
@@ -13,9 +13,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
 end
 end
- test "as a normal user with write_api scope" do
+ test "as a normal user with write_changeset_comments scope" do
 user = create(:user)
- scopes = Set.new %w[write_api]
+ scopes = Set.new %w[write_changeset_comments]
 ability = ApiAbility.new user, scopes
 [:destroy, :restore].each do |action|
@@ -37,9 +37,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
 end
 end
- test "as a moderator with write_api scope" do
+ test "as a moderator with write_changeset_comments scope" do
 user = create(:moderator_user)
- scopes = Set.new %w[write_api]
+ scopes = Set.new %w[write_changeset_comments]
 ability = ApiAbility.new user, scopes
 [:create, :destroy, :restore].each do |action|
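Review bot: Neither renamed test pins the separation this commit introduces: in these two hunks nothing asserts that a token holding only `write_map` is refused `:create` on `ChangesetComment`, and nothing checks that a raw `write_api` string handed to `ApiAbility` now grants nothing. Without those negative cases, a later rule that re-couples comments to the map scope would still pass. The same gap applies to the moderator hunk at line 37 for `:destroy` and `:restore`. Both test bodies continue past the hunks and the rest of the file is not visible, so this may already be covered elsewhere. A test along these lines would cover the normal-user case.

```ruby
test "as a normal user with write_map scope" do
  user = create(:user)
  scopes = Set.new %w[write_map]
  ability = ApiAbility.new user, scopes

  # map-edit scope alone must not allow any changeset comment action
  [:create, :destroy, :restore].each do |action|
    assert ability.cannot? action, ChangesetComment
  end
end
```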