Merge branch '468_oauth2_scopes' into 'develop'

[#468] OAuth2 scopes

Closes #468

See merge request pleroma/pleroma!799

1 files changed, 19 insertions, 0 deletions

diff --git a/test/web/twitter_api/util_controller_test.exs b/test/web/twitter_api/util_controller_test.exs
index 007d7d8e6..fc762ab18 100644
--- a/test/web/twitter_api/util_controller_test.exs
+++ b/test/web/twitter_api/util_controller_test.exs
@@ -16,6 +16,25 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
 
       assert response == "job started"
     end
+
+    test "requires 'follow' permission", %{conn: conn} do
+      token1 = insert(:oauth_token, scopes: ["read", "write"])
+      token2 = insert(:oauth_token, scopes: ["follow"])
+      another_user = insert(:user)
+
+      for token <- [token1, token2] do
+        conn =
+          conn
+          |> put_req_header("authorization", "Bearer #{token.token}")
+          |> post("/api/pleroma/follow_import", %{"list" => "#{another_user.ap_id}"})
+
+        if token == token1 do
+          assert %{"error" => "Insufficient permissions: follow."} == json_response(conn, 403)
+        else
+          assert json_response(conn, 200)
+        end
+      end
+    end
   end
 
   describe "POST /api/pleroma/blocks_import" do