[openstreetmap/openstreetmap-website] Add oauth scope for redactions (PR #4387)

[Anton Khorev]

Currently redactions are allowed if the `write_api` is granted. But `write_api` is a very common scope requested by many apps for things like adding changeset comments. Those apps have no business being able to redact anything.

Here a separate scope for redactions is introduced. `write_api` still allows redactions, this is to be disabled in a later pull request, after [osmtools](https://github.com/woodpeck/osm-revert-scripts) are updated to request the new `write_redactions` scope. I don't know about any other apps that need this permission.
You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/4387

-- Commit Summary --

  * Highlight moderator-only scopes when showing authorizations
  * Add oauth scope for redactions

-- File Changes --

    M app/abilities/api_capability.rb (8)
    A app/helpers/authorization_helper.rb (15)
    M app/views/oauth2_applications/_application.html.erb (2)
    M app/views/oauth2_authorizations/new.html.erb (2)
    M app/views/oauth2_authorized_applications/_application.html.erb (2)
    M config/locales/en.yml (1)
    M lib/oauth.rb (2)
    M test/controllers/api/old_nodes_controller_test.rb (50)
    M test/controllers/api/old_relations_controller_test.rb (50)
    M test/controllers/api/old_ways_controller_test.rb (50)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/4387.patch
https://github.com/openstreetmap/openstreetmap-website/pull/4387.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4387
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4387 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231202/b3359baf/attachment.htm>