<p></p>
<p><b>@AntonKhorev</b> commented on this pull request.</p>

<hr>

<p>In <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4387#discussion_r1434099207">app/helpers/authorization_helper.rb</a>:</p>
<pre style='color:#555'>> @@ -0,0 +1,15 @@
+module AuthorizationHelper
+  include ActionView::Helpers::TranslationHelper
+
+  MODERATOR_SCOPES = %w[write_redactions].freeze
+
+  def authorization_scope(scope)
+    html = []
+    if MODERATOR_SCOPES.include? scope
+      html << image_tag("roles/moderator.png", :srcset => image_path("roles/moderator.svg", :class => "align-text-bottom"), :size => "20x20")
+      html << " "
</pre>
<blockquote>
<p dir="auto">Should we also add the administrator icon to privileged scopes?</p>
</blockquote>
<p dir="auto">Are they supposed to be used by administrators?</p>
<p dir="auto">I added these stars in response to <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1954133496" data-permission-text="Title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/4301" data-hovercard-type="pull_request" data-hovercard-url="/openstreetmap/openstreetmap-website/pull/4301/hovercard?comment_id=1367689627&comment_type=review_comment" href="https://github.com/openstreetmap/openstreetmap-website/pull/4301#discussion_r1367689627">#4301 (comment)</a> - to avoid accidentally granting moderator-only permissions to some app that might misuse them. Users are supposed to notice the star in the authorization dialog and be extra careful. <code class="notranslate">skip_authorization</code> privileged scope skips that dialog entirely. Users won't have a chance to review the permissions in this case.</p>
<p dir="auto">The difference is that only administrators can register an app with privileged scopes but anyone can use the app with these scopes(?). Apps with moderator scopes can be registered by anyone, but only moderators can use features granted by these scopes.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4387#discussion_r1434099207">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLNDUFVOYDJLKJPBINLYKQ4YJAVCNFSM6AAAAABAEPPM26VHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMYTOOJTGAYDINRYGM">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLMPSS5KXCJ4THKUTGLYKQ4YJA5CNFSM6AAAAABAEPPM26WGG33NNVSW45C7OR4XAZNRKB2WY3CSMVYXKZLTORJGK5TJMV32UY3PNVWWK3TUL5UWJTTK34KIW.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/pull/4387/review/1793004683</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/4387#discussion_r1434099207",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/4387#discussion_r1434099207",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>