mirror of
https://github.com/jointakahe/takahe.git
synced 2024-11-25 00:30:59 +00:00
Allow API access with cookies again
This commit is contained in:
parent
026e1be357
commit
6411a375ba
1 changed files with 9 additions and 3 deletions
|
@ -32,12 +32,18 @@ def scope_required(scope: str, requires_identity=True):
|
|||
@wraps(function)
|
||||
def inner(request, *args, **kwargs):
|
||||
if not request.token:
|
||||
return JsonResponse({"error": "identity_token_required"}, status=401)
|
||||
if request.identity:
|
||||
# They're just logged in via cookie - give full access
|
||||
pass
|
||||
else:
|
||||
return JsonResponse(
|
||||
{"error": "identity_token_required"}, status=401
|
||||
)
|
||||
elif not request.token.has_scope(scope):
|
||||
return JsonResponse({"error": "out_of_scope_for_token"}, status=403)
|
||||
# They need an identity
|
||||
if not request.identity and requires_identity:
|
||||
return JsonResponse({"error": "identity_token_required"}, status=401)
|
||||
if not request.token.has_scope(scope):
|
||||
return JsonResponse({"error": "out_of_scope_for_token"}, status=403)
|
||||
return function(request, *args, **kwargs)
|
||||
|
||||
inner.csrf_exempt = True # type:ignore
|
||||
|
|
Loading…
Reference in a new issue