[openstreetmap/openstreetmap-website] Add oauth scope for redactions (PR #4387)

[Anton Khorev]

@AntonKhorev commented on this pull request.



> @@ -0,0 +1,15 @@
+module AuthorizationHelper
+  include ActionView::Helpers::TranslationHelper
+
+  MODERATOR_SCOPES = %w[write_redactions].freeze
+
+  def authorization_scope(scope)
+    html = []
+    if MODERATOR_SCOPES.include? scope
+      html << image_tag("roles/moderator.png", :srcset => image_path("roles/moderator.svg", :class => "align-text-bottom"), :size => "20x20")
+      html << " "

> Should we also add the administrator icon to privileged scopes?

Are they supposed to be used by administrators?

I added these stars in response to https://github.com/openstreetmap/openstreetmap-website/pull/4301#discussion_r1367689627 - to avoid accidentally granting moderator-only permissions to some app that might misuse them. Users are supposed to notice the star in the authorization dialog and be extra careful. `skip_authorization` privileged scope skips that dialog entirely. Users won't have a chance to review the permissions in this case.

The difference is that only administrators can register an app with privileged scopes but anyone can use the app with these scopes(?). Apps with moderator scopes can be registered by anyone, but only moderators can use features granted by these scopes.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4387#discussion_r1434099207
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4387/review/1793004683 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231221/b207394a/attachment-0001.htm>