[OAuth] Add allowed_scopes to application model

1473db29 · Nik | Klampfradler · b4090959 · 1473db29 · 1473db29
Verified Commit 1473db29 authored Nov 4, 2021 by Nik | Klampfradler
--- a/aleksis/core/models.py
+++ b/aleksis/core/models.py
@@ -30,6 +30,7 @@ from django_celery_results.models import TaskResult
 from dynamic_preferences.models import PerInstancePreferenceModel
 from model_utils import FieldTracker
 from model_utils.models import TimeStampedModel
+from multiselectfield import MultiSelectField
 from oauth2_provider.models import (
    AbstractAccessToken,
    AbstractApplication,
@@ -58,6 +59,7 @@ from .mixins import (
    SchoolTermRelatedExtensibleModel,
 )
 from .tasks import send_notification
+from .util.auth_helpers import AppScopes
 from .util.core_helpers import get_site_preferences, now_tomorrow
 from .util.model_helpers import ICONS

@@ -1112,6 +1114,9 @@ class OAuthApplication(AbstractApplication):
        max_length=32, choices=AbstractApplication.GRANT_TYPES, blank=True, null=True
    )

+    # Optional list of alloewd scopes
+    allowed_scopes = MultiSelectField(choices=list(AppScopes().get_all_scopes().items()))
+
    def allows_grant_type(self, *grant_types: set[str]) -> bool:
        allowed_grants = get_site_preferences()["auth__oauth_allowed_grants"]


--- a/aleksis/core/views.py
+++ b/aleksis/core/views.py
@@ -1080,7 +1080,13 @@ class OAuth2Update(PermissionRequiredMixin, UpdateView):
        """Return the form class for the application model."""
        return modelform_factory(
            OAuthApplication,
-            fields=("name", "client_id", "client_secret", "client_type", "redirect_uris",),
+            fields=(
+                "name",
+                "client_id",
+                "client_secret",
+                "client_type",
+                "allowed_scopes",
+                "redirect_uris",),
        )