Merge pull request #7 from FoskyM/bugfix/6-user-group

fix: permission
This commit is contained in:
FoskyM 2023-12-07 11:01:07 +08:00 committed by GitHub
commit bd4402f98c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 42 additions and 1 deletions

View file

@ -217,6 +217,7 @@ img.oauth-scope-object {
font-weight: 800;
color: #382e2e;
margin-block-end: 0;
font-size: 12px;
}
.oauth-scope-body small {

View file

@ -9,6 +9,7 @@ use Psr\Http\Message\ServerRequestInterface;
use Tobscure\JsonApi\Document;
use FoskyM\OAuthCenter\Models\Scope;
use FoskyM\OAuthCenter\Api\Serializer\ScopeSerializer;
use FoskyM\OAuthCenter\Api\Serializer\ScopeUserSerializer;
class ListScopeController extends AbstractListController
{
@ -16,7 +17,15 @@ class ListScopeController extends AbstractListController
protected function data(ServerRequestInterface $request, Document $document)
{
$actor = RequestUtil::getActor($request);
$actor->assertAdmin();
try {
$actor->assertAdmin();
} catch (\Exception $e) {
$actor->assertRegistered();
if (!$actor->hasPermission('foskym-oauth-center.use-oauth')) {
return [];
}
$this->serializer = ScopeUserSerializer::class;
}
return Scope::all();
}

View file

@ -0,0 +1,31 @@
<?php
namespace FoskyM\OAuthCenter\Api\Serializer;
use Flarum\Api\Serializer\AbstractSerializer;
use FoskyM\OAuthCenter\Models\Scope;
use InvalidArgumentException;
class ScopeUserSerializer extends AbstractSerializer
{
protected $type = 'oauth-scopes';
protected function getDefaultAttributes($model)
{
if (!($model instanceof Scope)) {
throw new InvalidArgumentException(
get_class($this) . ' can only serialize instances of ' . Scope::class
);
}
// See https://docs.flarum.org/extend/api.html#serializers for more information.
return [
"scope" => $model->scope,
"is_default" => $model->is_default,
"scope_name" => $model->scope_name,
"scope_icon" => $model->scope_icon,
"scope_desc" => $model->scope_desc,
];
}
}