From b5604ac8d1fd30aef4d3437410ecd575ac5065f1 Mon Sep 17 00:00:00 2001
From: Danielle McLean <dani@00dani.me>
Date: Mon, 29 Jan 2018 11:01:57 +1100
Subject: [PATCH] Require the 'create' scope in the token to be present in
 order to create new entries

---
 micropub/views/create.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/micropub/views/create.py b/micropub/views/create.py
index cb5f8ed..2cf5a96 100644
--- a/micropub/views/create.py
+++ b/micropub/views/create.py
@@ -33,6 +33,8 @@ def create(request):
         'application/json': json.load,
         'application/x-www-form-urlencoded': form_to_mf2,
     }
+    if 'create' not in request.token:
+        return error.bad_scope('create')
     if request.content_type not in normalise:
         return error.unsupported_type(request.content_type)
     body = normalise[request.content_type](request)