diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py index 548f4b9b9..13003c6f2 100755 --- a/r2/r2/controllers/api.py +++ b/r2/r2/controllers/api.py @@ -843,6 +843,7 @@ class ApiController(RedditController, OAuth2ResourceController): queries.delete(thing) + @require_oauth2_scope("modposts") @noresponse(VUser(), VModhash(), VSrCanAlter('id'), @@ -859,6 +860,7 @@ class ApiController(RedditController, OAuth2ResourceController): # flag search indexer that something has changed changed(thing) + @require_oauth2_scope("modposts") @noresponse(VUser(), VModhash(), VSrCanAlter('id'), @@ -1631,6 +1633,7 @@ class ApiController(RedditController, OAuth2ResourceController): d['approval'] = approval g.hardcache.set(key, d, time=86400 * 7) + @require_oauth2_scope("modposts") @noresponse(VUser(), VModhash(), why = VSrCanBan('id'), thing = VByName('id'), @@ -1671,6 +1674,7 @@ class ApiController(RedditController, OAuth2ResourceController): action = 'remove' + thing.__class__.__name__.lower() ModAction.create(sr, c.user, action, **kw) + @require_oauth2_scope("modposts") @noresponse(VUser(), VModhash(), why = VSrCanBan('id'), thing = VByName('id')) @@ -1697,6 +1701,7 @@ class ApiController(RedditController, OAuth2ResourceController): action = 'approve' + thing.__class__.__name__.lower() ModAction.create(sr, c.user, action, **kw) + @require_oauth2_scope("modposts") @validatedForm(VUser(), VModhash(), VCanDistinguish(('id', 'how')), thing = VByName('id'), diff --git a/r2/r2/models/token.py b/r2/r2/models/token.py index 6eb1ee55b..31db6cd1d 100644 --- a/r2/r2/models/token.py +++ b/r2/r2/models/token.py @@ -107,6 +107,13 @@ class OAuth2Scope: "description": _( "Manage and assign flair in subreddits I moderate."), }, + "modposts": { + "id": "modposts", + "name": _("Moderate Posts"), + "description": _( + "Approve, remove, mark nsfw, and distinguish content" + " in subreddits I moderate."), + }, "modtraffic": { "id": "modtraffic", "name": _("Subreddit Traffic"),