OAuth: add new "history" and "save" scopes

history: gives access to voting history, saved and hidden save: allows save/unsave for submissions and comments
2026-01-28 08:17:58 -05:00 · 2013-05-01 19:50:25 -04:00
parent 0265142711
commit 31459b18f7
3 changed files with 15 additions and 0 deletions
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -2152,6 +2152,7 @@ class ApiController(RedditController, OAuth2ResourceController):
            sr = thing.subreddit_slow
            ModAction.create(sr, c.user, 'distinguish', target=thing, **log_kw)

+    @require_oauth2_scope("save")
    @noresponse(VUser(),
                VModhash(),
                thing = VByName('id'))
@@ -2168,6 +2169,7 @@ class ApiController(RedditController, OAuth2ResourceController):
        if isinstance(thing, Comment) and not c.user.gold: return
        r = thing._save(c.user)

+    @require_oauth2_scope("save")
    @noresponse(VUser(),
                VModhash(),
                thing = VByName('id'))
--- a/r2/r2/controllers/listingcontroller.py
+++ b/r2/r2/controllers/listingcontroller.py
@@ -654,6 +654,7 @@ class UserController(ListingController):

        return q

+    @require_oauth2_scope("history")
    @validate(vuser = VExistingUname('username'),
              sort = VMenu('sort', ProfileSortMenu, remember = False),
              time = VMenu('t', TimeMenu, remember = False))
--- a/r2/r2/models/token.py
+++ b/r2/r2/models/token.py
@@ -105,6 +105,13 @@ class OAuth2Scope:
            "name": _("Edit Posts"),
            "description": _("Edit and delete my comments and submissions."),
        },
+        "history": {
+            "id": "history",
+            "name": _("History"),
+            "description": _(
+                "Access my voting history and comments or submissions I've"
+                " saved or hidden."),
+        },
        "identity": {
            "id": "identity",
            "name": _("My Identity"),
@@ -159,6 +166,11 @@ class OAuth2Scope:
            "name": _("Read Content"),
            "description": _("Access posts and comments through my account."),
        },
+        "save": {
+            "id": "save",
+            "name": _("Save Content"),
+            "description": _("Save and unsave comments and submissions."),
+        },
        "submit": {
            "id": "submit",
            "name": _("Submit Content"),