Resolve "Implement a Oauth provider in Funkwhale"

2025-10-05 05:59:28 +02:00 · 2019-03-25 17:02:51 +01:00 · 2019-03-25 17:02:51 +01:00 · 4c13d47387
commit 4c13d47387
parent 1dc7304bd3
54 changed files with 2811 additions and 249 deletions
--- a/api/funkwhale_api/users/oauth/scopes.py
+++ b/api/funkwhale_api/users/oauth/scopes.py
@ -0,0 +1,93 @@
+class Scope:
+    def __init__(self, id, label="", children=None):
+        self.id = id
+        self.label = ""
+        self.children = children or []
+
+    def copy(self, prefix):
+        return Scope("{}:{}".format(prefix, self.id))
+
+
+BASE_SCOPES = [
+    Scope(
+        "profile", "Access profile data (email, username, avatar, subsonic password…)"
+    ),
+    Scope("libraries", "Access uploads, libraries, and audio metadata"),
+    Scope("edits", "Browse and submit edits on audio metadata"),
+    Scope("follows", "Access library follows"),
+    Scope("favorites", "Access favorites"),
+    Scope("filters", "Access content filters"),
+    Scope("listenings", "Access listening history"),
+    Scope("radios", "Access radios"),
+    Scope("playlists", "Access playlists"),
+    Scope("notifications", "Access personal notifications"),
+    Scope("security", "Access security settings"),
+    # Privileged scopes that require specific user permissions
+    Scope("instance:settings", "Access instance settings"),
+    Scope("instance:users", "Access local user accounts"),
+    Scope("instance:invitations", "Access invitations"),
+    Scope("instance:edits", "Access instance metadata edits"),
+    Scope(
+        "instance:libraries", "Access instance uploads, libraries and audio metadata"
+    ),
+    Scope("instance:accounts", "Access instance federated accounts"),
+    Scope("instance:domains", "Access instance domains"),
+    Scope("instance:policies", "Access instance moderation policies"),
+]
+SCOPES = [
+    Scope("read", children=[s.copy("read") for s in BASE_SCOPES]),
+    Scope("write", children=[s.copy("write") for s in BASE_SCOPES]),
+]
+
+
+def flatten(*scopes):
+    for scope in scopes:
+        yield scope
+        yield from flatten(*scope.children)
+
+
+SCOPES_BY_ID = {s.id: s for s in flatten(*SCOPES)}
+
+FEDERATION_REQUEST_SCOPES = {"read:libraries"}
+ANONYMOUS_SCOPES = {
+    "read:libraries",
+    "read:playlists",
+    "read:listenings",
+    "read:favorites",
+    "read:radios",
+    "read:edits",
+}
+
+COMMON_SCOPES = ANONYMOUS_SCOPES | {
+    "read:profile",
+    "write:profile",
+    "write:libraries",
+    "write:playlists",
+    "read:follows",
+    "write:follows",
+    "write:favorites",
+    "read:notifications",
+    "write:notifications",
+    "write:radios",
+    "write:edits",
+    "read:filters",
+    "write:filters",
+    "write:listenings",
+}
+
+LOGGED_IN_SCOPES = COMMON_SCOPES | {"read:security", "write:security"}
+
+# We don't allow admin access for oauth apps yet
+OAUTH_APP_SCOPES = COMMON_SCOPES
+
+
+def get_from_permissions(**permissions):
+    from funkwhale_api.users import models
+
+    final = LOGGED_IN_SCOPES
+    for permission_name, value in permissions.items():
+        if value is False:
+            continue
+        config = models.PERMISSIONS_CONFIGURATION[permission_name]
+        final = final | config["scopes"]
+    return final