Add a privileged scope that allows email addresses to be returned

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0884964edffbd3498b6f6466626e4e8e78203dff..517b11e140818818dd7ab16b7219a39f04337720 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -395,4 +395,10 @@ class ApplicationController < ActionController::Base
 
     referer.to_s
   end
+
+  def scope_enabled?(scope)
+    doorkeeper_token&.includes_scope?(scope) || current_token&.includes_scope?(scope)
+  end
+
+  helper_method :scope_enabled?
 end

diff --git a/app/views/api/users/_user.json.jbuilder b/app/views/api/users/_user.json.jbuilder
index 8423353dd3a1af1f8e534e0bc8e659ef12cb3a2d..7659e4e110c5b40667cb681b21fb116f48295913 100644 (file)
--- a/app/views/api/users/_user.json.jbuilder
+++ b/app/views/api/users/_user.json.jbuilder
@@ -65,5 +65,7 @@ json.user do
         json.count user.sent_messages.size
       end
     end
+
+    json.email user.email if scope_enabled?(:read_email)
   end
 end

diff --git a/app/views/api/users/_user.xml.builder b/app/views/api/users/_user.xml.builder
index 9092f2c96bacaaf1cb2233756716c41d36ecd0fc..7d6b177f2f6db76d6d8222dd9918fc5b6d6efa7b 100644 (file)
--- a/app/views/api/users/_user.xml.builder
+++ b/app/views/api/users/_user.xml.builder
@@ -40,5 +40,6 @@ xml.tag! "user", :id => user.id,
                            :unread => user.new_messages.size
       xml.tag! "sent", :count => user.sent_messages.size
     end
+    xml.tag! "email", user.email if scope_enabled?(:read_email)
   end
 end

diff --git a/config/locales/en.yml b/config/locales/en.yml
index 0b745aa7cf5e4e7828d4ecc8a547e4f50835977d..89a869683193a3a04c328c142cc41840dff96076 100644 (file)
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -2342,6 +2342,7 @@ en:
       read_gpx: Read private GPS traces
       write_gpx: Upload GPS traces
       write_notes: Modify notes
+      read_email: Read user email address
   oauth_clients:
     new:
       title: "Register a new application"

diff --git a/lib/oauth.rb b/lib/oauth.rb
index 6980447f914d27338e5b09b6a36a775ae9357e42..07e54d85850c313390bec1c4a0c580f68912300e 100644 (file)
--- a/lib/oauth.rb
+++ b/lib/oauth.rb
@@ -1,6 +1,6 @@
 module Oauth
   SCOPES = %w[read_prefs write_prefs write_diary write_api read_gpx write_gpx write_notes].freeze
-  PRIVILEGED_SCOPES = %w[].freeze
+  PRIVILEGED_SCOPES = %w[read_email].freeze
 
   class Scope
     attr_reader :name