From 551f2fa59eec11c94eb0ab187c06ccab7b8d5647 Mon Sep 17 00:00:00 2001
From: Ivan Tashkinov <ivantashkinov@gmail.com>
Date: Wed, 18 Sep 2019 12:31:33 +0300
Subject: [PATCH] [#1234] Added changelog entry, removed admin OAuth scopes.

---
 CHANGELOG.md                                     |  1 +
 .../web/admin_api/admin_api_controller.ex        | 16 ++++++++--------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 584386136..7e2c8066f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -117,6 +117,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Admin API: Added moderation log
 - Web response cache (currently, enabled for ActivityPub)
 - Mastodon API: Added an endpoint to get multiple statuses by IDs (`GET /api/v1/statuses/?ids[]=1&ids[]=2`)
+- OAuth: support for hierarchical permissions / [Mastodon 2.4.3 OAuth permissions](https://docs.joinmastodon.org/api/permissions/)
 
 ### Changed
 - Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text
diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex
index 2c9840580..7f1a8e566 100644
--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@@ -26,13 +26,13 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["admin:read:accounts", "read:accounts"]}
+    %{scopes: ["read:accounts"]}
     when action in [:list_users, :user_show, :right_get, :invites]
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["admin:write", "write:accounts"]}
+    %{scopes: ["write:accounts"]}
     when action in [
            :get_invite_token,
            :revoke_invite,
@@ -53,35 +53,35 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["admin:read:reports", "read:reports"]} when action in [:list_reports, :report_show]
+    %{scopes: ["read:reports"]} when action in [:list_reports, :report_show]
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["admin:write:reports", "write:reports"]}
+    %{scopes: ["write:reports"]}
     when action in [:report_update_state, :report_respond]
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["admin:read:statuses", "read:statuses"]} when action == :list_user_statuses
+    %{scopes: ["read:statuses"]} when action == :list_user_statuses
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["admin:write:statuses", "write:statuses"]}
+    %{scopes: ["write:statuses"]}
     when action in [:status_update, :status_delete]
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["admin:read", "read"]}
+    %{scopes: ["read"]}
     when action in [:config_show, :migrate_to_db, :migrate_from_db, :list_log]
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["admin:write", "write"]}
+    %{scopes: ["write"]}
     when action in [:relay_follow, :relay_unfollow, :config_update]
   )