liquid_feedback_frontend

view app/main/api/_filter/30_auth.lua @ 1855:080f4112b8a9

Show new suggestion button only during admission and discussion
author bsw
date Thu Mar 24 10:37:44 2022 +0100 (2022-03-24)
parents 32cc544d5a5b
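-- API authentication filter. Resolves the request's access token (or, when
-- none is sent, the instance's public-access setting) into the set of scopes
-- stored in app.scopes, then hands over to the wrapped handler with
-- execute.inner(). Every failure path returns through util.api_error, so
-- execute.inner() is only reached with at least one scope set.

-- Scopes granted to requests without an access token, keyed by the value of
-- config.public_access. A setting that is not a key of this table yields no
-- scope, and the request is rejected with 403 further down.
local public_access_scopes = {
  anonymous = "read_contents",
  authors_pseudonymous = "read_contents read_authors",
  all_pseudonymous = "read_contents read_authors read_ratings",
  everything = "read_contents read_authors read_ratings read_identities read_profiles"
}

local access_token, access_token_err = util.get_access_token()

if access_token_err then
  if access_token_err == "header_and_param" then
    -- Client error. The status text now matches status 400; it used to read
    -- "Unauthorized", the text the 401 response below carries.
    return util.api_error(400, "Bad Request", "invalid_request", "Access token passed both via header and param")
  end
  -- Any other extraction error is answered generically; the error value
  -- itself is not echoed to the client.
  return util.api_error(500, "Internal server error", "internal_error", "Internal server error")
end

local scope

if access_token then
  -- NOTE(review): the 401 text says "invalid or expired", so the lookup
  -- presumably excludes expired tokens -- confirm in the Token model.
  local token = Token:by_token_type_and_token("access", access_token)
  if token then
    app.access_token = token
    scope = token.scope
  else
    -- A token that was sent but is unknown never falls back to public access.
    return util.api_error(401, "Unauthorized", "invalid_token", "The access token is invalid or expired")
  end
end

-- No token sent, or the token carries no scope: use the public-access scopes.
if not scope then
  scope = public_access_scopes[config.public_access]
end

if not scope then
  return util.api_error(403, "Forbidden", "insufficient_scope", "Public access is not allowed at this instance.")
end

app.scopes = {}

-- Split the space-separated scope string. A trailing "_detached" is stripped
-- so the scope is registered under its base name.
-- NOTE(review): names are not checked against a list of known scopes here;
-- any word becomes a key of app.scopes -- confirm that consumers only test
-- for known names.
for scope_name in string.gmatch(scope, "[^ ]+") do
  -- Anchored on both ends: the unanchored "(.+)_detached" also matched names
  -- that merely contain "_detached" (e.g. "x_detached_y") and registered the
  -- text before it as a granted scope.
  local base_name = string.match(scope_name, "^(.+)_detached$")
  app.scopes[base_name or scope_name] = true
end

-- An empty or all-space scope string grants nothing.
if not next(app.scopes) then
  return util.api_error(403, "Forbidden", "insufficient_scope", "No valid scope found")
end

execute.inner()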
