Require the 'create' scope in the token to be present in order to create new entries

This commit is contained in:
Danielle McLean 2018-01-29 11:01:57 +11:00
parent 9f733125a7
commit b5604ac8d1
Signed by untrusted user: 00dani
GPG key ID: 5A5D2D1AFF12EEC5

View file

@ -33,6 +33,8 @@ def create(request):
'application/json': json.load, 'application/json': json.load,
'application/x-www-form-urlencoded': form_to_mf2, 'application/x-www-form-urlencoded': form_to_mf2,
} }
if 'create' not in request.token:
return error.bad_scope('create')
if request.content_type not in normalise: if request.content_type not in normalise:
return error.unsupported_type(request.content_type) return error.unsupported_type(request.content_type)
body = normalise[request.content_type](request) body = normalise[request.content_type](request)