Use scoped tokens to load <audio> urls instead of JWT

2025-10-04 07:29:17 +02:00 · 2020-05-11 10:06:35 +02:00 · 2020-05-11 10:06:35 +02:00 · ec8dfdb740
commit ec8dfdb740
parent 13d28f7b0c
17 changed files with 265 additions and 39 deletions
--- a/api/funkwhale_api/users/oauth/permissions.py
+++ b/api/funkwhale_api/users/oauth/permissions.py
@ -77,6 +77,10 @@ class ScopePermission(permissions.BasePermission):

        if isinstance(token, models.AccessToken):
            return self.has_permission_token(token, required_scope)
+        elif getattr(request, "scopes", None):
+            return should_allow(
+                required_scope=required_scope, request_scopes=set(request.scopes)
+            )
        elif request.user.is_authenticated:
            user_scopes = scopes.get_from_permissions(**request.user.get_permissions())
            return should_allow(