diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py index 155f1443d..b54ea2065 100755 --- a/r2/r2/controllers/api.py +++ b/r2/r2/controllers/api.py @@ -2152,6 +2152,7 @@ class ApiController(RedditController, OAuth2ResourceController): sr = thing.subreddit_slow ModAction.create(sr, c.user, 'distinguish', target=thing, **log_kw) + @require_oauth2_scope("save") @noresponse(VUser(), VModhash(), thing = VByName('id')) @@ -2168,6 +2169,7 @@ class ApiController(RedditController, OAuth2ResourceController): if isinstance(thing, Comment) and not c.user.gold: return r = thing._save(c.user) + @require_oauth2_scope("save") @noresponse(VUser(), VModhash(), thing = VByName('id')) diff --git a/r2/r2/controllers/listingcontroller.py b/r2/r2/controllers/listingcontroller.py index fb8bac560..9f5182c21 100755 --- a/r2/r2/controllers/listingcontroller.py +++ b/r2/r2/controllers/listingcontroller.py @@ -654,6 +654,7 @@ class UserController(ListingController): return q + @require_oauth2_scope("history") @validate(vuser = VExistingUname('username'), sort = VMenu('sort', ProfileSortMenu, remember = False), time = VMenu('t', TimeMenu, remember = False)) diff --git a/r2/r2/models/token.py b/r2/r2/models/token.py index da901e1e5..7c30553af 100644 --- a/r2/r2/models/token.py +++ b/r2/r2/models/token.py @@ -105,6 +105,13 @@ class OAuth2Scope: "name": _("Edit Posts"), "description": _("Edit and delete my comments and submissions."), }, + "history": { + "id": "history", + "name": _("History"), + "description": _( + "Access my voting history and comments or submissions I've" + " saved or hidden."), + }, "identity": { "id": "identity", "name": _("My Identity"), @@ -159,6 +166,11 @@ class OAuth2Scope: "name": _("Read Content"), "description": _("Access posts and comments through my account."), }, + "save": { + "id": "save", + "name": _("Save Content"), + "description": _("Save and unsave comments and submissions."), + }, "submit": { "id": "submit", "name": _("Submit Content"),