Require the 'create' scope in the token to be present in order to create new entries

2018-01-29 11:01:57 +11:00 · 2018-01-29 11:01:57 +11:00 · b5604ac8d1
parent 9f733125a7
commit b5604ac8d1
1 changed files with 2 additions and 0 deletions
--- a/micropub/views/create.py
+++ b/micropub/views/create.py
@ -33,6 +33,8 @@ def create(request):
        'application/json': json.load,
        'application/x-www-form-urlencoded': form_to_mf2,
    }
+    if 'create' not in request.token:
+        return error.bad_scope('create')
    if request.content_type not in normalise:
        return error.unsupported_type(request.content_type)
    body = normalise[request.content_type](request)