diff --git a/app/javascript/OAuth/AuthorizationPrompt.tsx b/app/javascript/OAuth/AuthorizationPrompt.tsx
index 023e851299..440f1ffa53 100644
--- a/app/javascript/OAuth/AuthorizationPrompt.tsx
+++ b/app/javascript/OAuth/AuthorizationPrompt.tsx
@@ -135,7 +135,7 @@ function AuthorizationPrompt() {

This will allow {preAuth?.client_name} to access{' '} - {scopes?.includes('read_profile') + {scopes?.includes('read_profile') || scopes?.includes('profile') ? 'all information in your convention profiles' : 'the public information in your convention profiles'}{' '} as well as information about events you can access. diff --git a/app/javascript/OAuth/PermissionsPrompt.tsx b/app/javascript/OAuth/PermissionsPrompt.tsx index f9130d6a05..1e8dea6d25 100644 --- a/app/javascript/OAuth/PermissionsPrompt.tsx +++ b/app/javascript/OAuth/PermissionsPrompt.tsx @@ -37,38 +37,7 @@ function getScopeGroupDescription(scopeGroup: string, t: TFunction) { } function getScopeDescription(scopeName: string, t: TFunction) { - switch (scopeName) { - case 'public': - return t('oauth.permissions.public'); - case 'openid': - return t('oauth.permissions.openid'); - case 'read_profile': - return t('oauth.permissions.read_profile'); - case 'read_signups': - return t('oauth.permissions.read_signups'); - case 'read_events': - return t('oauth.permissions.read_events'); - case 'read_conventions': - return t('oauth.permissions.read_conventions'); - case 'read_organizations': - return t('oauth.permissions.read_organizations'); - case 'read_email_routing': - return t('oauth.permissions.read_email_routing'); - case 'manage_profile': - return t('oauth.permissions.manage_profile'); - case 'manage_signups': - return t('oauth.permissions.manage_signups'); - case 'manage_events': - return t('oauth.permissions.manage_events'); - case 'manage_conventions': - return t('oauth.permissions.manage_conventions'); - case 'manage_organizations': - return t('oauth.permissions.manage_organizations'); - case 'manage_email_routing': - return t('oauth.permissions.manage_email_routing'); - default: - return scopeName; - } + return t(`oauth.permissions.${scopeName}`, scopeName); } export type PermissionsPromptProps = { 
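Review bot: The `profile` alias is now hard-coded in this JSX condition in parallel with `SCOPE_ALIASES` in app/policies/authorization_info.rb, and nothing ties the two lists together, so the next alias added on the Ruby side can easily be missed here. A comment on the changed line, `// keep in sync with SCOPE_ALIASES in app/policies/authorization_info.rb`, would make the coupling visible. The enclosing JSX expression starts and ends outside the hunk.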
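Review bot: Replacing the exhaustive `switch` with `t(\`oauth.permissions.${scopeName}\`, scopeName)` means a scope whose key is missing or misspelled in locales/en.json now silently renders the bare scope name on the consent screen instead of failing a type check or a test, and `scopeName` is whatever the authorization request carried, presumably already validated against the configured scopes by Doorkeeper before the prompt is shown. A comment documenting the fallback, `// Falls back to the raw scope name when locales/en.json has no oauth.permissions entry for it`, would record that this degradation is intended rather than accidental.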
diff --git a/app/policies/authorization_info.rb b/app/policies/authorization_info.rb index 230febe786..2801ecf522 100644 --- a/app/policies/authorization_info.rb +++ b/app/policies/authorization_info.rb @@ -8,6 +8,8 @@ class AuthorizationInfo Queries::UserConProfileQueryManager ].freeze + SCOPE_ALIASES = { email: :public, profile: :read_profile }.freeze + module QueryMethods METHODS = AuthorizationInfo::QUERY_MANAGER_CLASSES.flat_map(&:query_methods) delegate(*METHODS, to: :authorization_info) @@ -34,11 +36,7 @@ def initialize(user, doorkeeper_token, assumed_identity_from_profile: nil, known @user = user @assumed_identity_from_profile = assumed_identity_from_profile @doorkeeper_token = doorkeeper_token - possible_query_manager_params = { - user: user, - known_user_con_profiles: known_user_con_profiles, - authorization_info: self - } + possible_query_manager_params = { user:, known_user_con_profiles:, authorization_info: self } QUERY_MANAGER_CLASSES.each do |query_manager_class| instance_variable_name = query_manager_class.name.demodulize.underscore.to_sym @@ -54,13 +52,17 @@ def site_admin? end def oauth_scope?(scope) - raise ArgumentError, "Invalid scope: #{scope}" unless Doorkeeper.configuration.scopes.include?(scope.to_s) + resolved_scope = SCOPE_ALIASES[scope.to_sym] if SCOPE_ALIASES.key?(scope.to_sym) + + unless Doorkeeper.configuration.scopes.include?(resolved_scope.to_s) + raise ArgumentError, "Invalid scope: #{resolved_scope}" + end - doorkeeper_token.nil? || doorkeeper_token.scopes.exists?(scope) + doorkeeper_token.nil? || doorkeeper_token.scopes.exists?(resolved_scope) end - def oauth_scoped_disjunction(&block) - Queries::OAuthScopedDisjunction.evaluate(self, &block) + def oauth_scoped_disjunction(&) + Queries::OAuthScopedDisjunction.evaluate(self, &) end def actual_user diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 44c1753421..fe4ef20283 100644 --- a/config/initializers/doorkeeper.rb 
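Review bot: In `oauth_scope?`, `resolved_scope` is only assigned when `scope` is one of the two aliases; for any other scope the modifier-`if` leaves it `nil`, so `include?(resolved_scope.to_s)` tests `""` and the method raises `ArgumentError, "Invalid scope: "` for `read_profile`, `manage_events` and every other configured scope. The lookup needs a fallback to the scope itself, `resolved_scope = SCOPE_ALIASES.fetch(scope.to_sym, scope)`, which also keeps passing the original object to `exists?` as before. Separately, if the intent — as the wording change in AuthorizationPrompt.tsx suggests — is that a token granted `profile` satisfies a `read_profile` check, the mapping runs the other way: `oauth_scope?(:read_profile)` still only looks for `read_profile` in `doorkeeper_token.scopes`, so a `profile`-only token is refused, and the last line would need to also accept an alias that resolves to the requested scope, e.g. `doorkeeper_token.scopes.exists?(resolved_scope) || SCOPE_ALIASES.any? { |a, target| target == resolved_scope && doorkeeper_token.scopes.exists?(a) }`. A one-line comment on `SCOPE_ALIASES` stating which direction the mapping is meant to be read would settle this for the next reader.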
+++ b/config/initializers/doorkeeper.rb @@ -96,6 +96,8 @@ def id # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes default_scopes :public optional_scopes :openid, + :email, + :profile, :read_profile, :read_signups, :read_events, diff --git a/config/locales/en.yml b/config/locales/en.yml index 8a0b5f61b6..6495ef3261 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -41,6 +41,8 @@ en: title: Authorized applications scopes: public: 'Access your public data, and public data about conventions you are signed up for' + email: 'Access your public data, and public data about conventions you are signed up for' + profile: 'Access your personal profile data' read_profile: 'Access your personal profile data' read_signups: 'Access data about your signups' read_events: 'Access data about the events and event proposals you manage' diff --git a/locales/en.json b/locales/en.json index 870d907c0f..98d8cef588 100644 --- a/locales/en.json +++ b/locales/en.json @@ -985,6 +985,7 @@ "readPublic": "Read-only access to public data" }, "permissions": { + "email": "Access your public data, and public data about conventions you are signed up for", "manage_conventions": "Update conventions you manage", "manage_email_routing": "Update sitewide email routing rules", "manage_events": "Update events and event proposals you manage", @@ -992,6 +993,7 @@ "manage_profile": "Update your personal profile data", "manage_signups": "Sign you up and withdraw you from events", "openid": "Authenticate you using your account", + "profile": "Access your personal profile data", "public": "Access your public data, and public data about conventions you are signed up for", "read_conventions": "Access privileged data about the conventions you manage (e.g. user profiles)", "read_email_routing": "Read sitewide email routing rules",
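Review bot: `:email` and `:profile` become grantable scopes here, but what a token carrying them unlocks is only defined indirectly through `SCOPE_ALIASES` in app/policies/authorization_info.rb, and the consent text added for `email` in config/locales/en.yml and locales/en.json is a verbatim copy of the `public` description, so a user approving `email` is never told that their e-mail address will be released — assuming the OpenID Connect userinfo or id_token claims honour that scope, which this diff does not show. A short comment above the two new symbols, `# OpenID Connect standard scopes; mapped to :public / :read_profile by AuthorizationInfo::SCOPE_ALIASES`, together with an `email` description that actually names the address, would make the grant explicit on the consent screen.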