[#1427] Reworked admin scopes support.

Requalified users.is_admin flag as legacy accessor to admin actions in case token lacks admin scope(s).
author: Ivan Tashkinov <ivantashkinov@gmail.com> 2019-12-06 00:25:44 +0300
committer: Ivan Tashkinov <ivantashkinov@gmail.com> 2019-12-06 00:25:44 +0300
commit: af42c00cfffb2cd8e93857cd1cf2901113c45bd2 (patch)
tree: a98edf7a3b38b7fae020485100732ef3ba47542e /config/description.exs
parent: 51111e286b316340b45b4e6a378646bed0cb0a6a (diff)
download: pleroma-af42c00cfffb2cd8e93857cd1cf2901113c45bd2.tar.gz
pleroma-af42c00cfffb2cd8e93857cd1cf2901113c45bd2.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/config/description.exs b/config/description.exs
index 70e963399..45e4b43f1 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -2095,6 +2095,15 @@ config :pleroma, :config_description, [
     description: "Authentication / authorization settings",
     children: [
       %{
+        key: :enforce_oauth_admin_scope_usage,
+        type: :boolean,
+        description:
+          "OAuth admin scope requirement toggle. " <>
+            "If `true`, admin actions explicitly demand admin OAuth scope(s) presence in OAuth token " <>
+            "(client app must support admin scopes). If `false` and token doesn't have admin scope(s)," <>
+            "`is_admin` user flag grants access to admin-specific actions."
+      },
+      %{
         key: :auth_template,
         type: :string,
         description:
author	Ivan Tashkinov <ivantashkinov@gmail.com>	2019-12-06 00:25:44 +0300
committer	Ivan Tashkinov <ivantashkinov@gmail.com>	2019-12-06 00:25:44 +0300
commit	af42c00cfffb2cd8e93857cd1cf2901113c45bd2 (patch)
tree	a98edf7a3b38b7fae020485100732ef3ba47542e /config/description.exs
parent	51111e286b316340b45b4e6a378646bed0cb0a6a (diff)
download	pleroma-af42c00cfffb2cd8e93857cd1cf2901113c45bd2.tar.gz pleroma-af42c00cfffb2cd8e93857cd1cf2901113c45bd2.zip