Restrict token scope for notifications
parent
06e9c81b64
commit
be5164b4f4
2 changed files with 3 additions and 3 deletions
|
@ -685,7 +685,7 @@ func Routes(ctx gocontext.Context) *web.Route {
|
|||
m.Combo("/threads/{id}").
|
||||
Get(notify.GetThread).
|
||||
Patch(notify.ReadThread)
|
||||
}, reqToken(""))
|
||||
}, reqToken(auth_model.AccessTokenScopeNotification))
|
||||
|
||||
// Users
|
||||
m.Group("/users", func() {
|
||||
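Review bot: The group closed by `}, reqToken(auth_model.AccessTokenScopeNotification))` puts `Get(notify.GetThread)` and `Patch(notify.ReadThread)` on `/threads/{id}` behind the same single scope, so a token issued only to poll notifications can also change their read state. If that is intended, say so at the call site, for example `// notification scope covers both reading threads and marking them read; there is no read-only variant`. If it is not intended, the Patch route needs its own stricter requirement. The group opens outside this hunk, so its other routes are not visible here and should be checked for the same read/write mix.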
|
|
|
@ -27,7 +27,7 @@ func TestAPINotification(t *testing.T) {
|
|||
thread5 := unittest.AssertExistsAndLoadBean(t, &activities_model.Notification{ID: 5})
|
||||
assert.NoError(t, thread5.LoadAttributes())
|
||||
session := loginUser(t, user2.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "notification")
|
||||
|
||||
// -- GET /notifications --
|
||||
// test filter
|
||||
|
@ -145,7 +145,7 @@ func TestAPINotificationPUT(t *testing.T) {
|
|||
thread5 := unittest.AssertExistsAndLoadBean(t, &activities_model.Notification{ID: 5})
|
||||
assert.NoError(t, thread5.LoadAttributes())
|
||||
session := loginUser(t, user2.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "notification")
|
||||
|
||||
// Check notifications are as expected
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/notifications?all=true&token=%s", token))
|
||||
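Review bot: Both changed calls, `getTokenForLoggedInUser(t, session, "notification")` in TestAPINotification and in TestAPINotificationPUT, only exercise the allowed path, so these tests would presumably still pass if the route went back to `reqToken("")`. Add a negative case that pins the restriction: `unscoped := getTokenForLoggedInUser(t, session)`, then a GET to `/api/v1/notifications` with that token, asserting that it is rejected (presumably `http.StatusForbidden`; confirm against what reqToken returns). The scope is also a bare string literal here while the route uses `auth_model.AccessTokenScopeNotification`. If the helper's signature allows it, pass the constant so the two cannot drift apart. Both test bodies continue outside the hunks shown.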
|
|