Introduce OAuth scopes for bookmarks

app/controllers/api/v1/bookmarks_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::BookmarksController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read }
+  before_action -> { doorkeeper_authorize! :read, :'read:bookmarks' }
   before_action :require_user!
   after_action :insert_pagination_headers
 

app/controllers/api/v1/statuses/bookmarks_controller.rb

@@ -3,7 +3,7 @@
 class Api::V1::Statuses::BookmarksController < Api::BaseController
   include Authorization
 
-  before_action -> { doorkeeper_authorize! :write }
+  before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
   before_action :require_user!
 
   respond_to :json

config/initializers/doorkeeper.rb

@@ -58,6 +58,7 @@ Doorkeeper.configure do
   optional_scopes :write,
                   :'write:accounts',
                   :'write:blocks',
+                  :'write:bookmarks',
                   :'write:favourites',
                   :'write:filters',
                   :'write:follows',
@@ -70,6 +71,7 @@ Doorkeeper.configure do
                   :read,
                   :'read:accounts',
                   :'read:blocks',
+                  :'read:bookmarks',
                   :'read:favourites',
                   :'read:filters',
                   :'read:follows',

config/locales/doorkeeper.en.yml

@@ -119,6 +119,7 @@ en:
       read: read all your account's data
       read:accounts: see accounts information
       read:blocks: see your blocks
+      read:bookmarks: see your bookmarks
       read:favourites: see your favourites
       read:filters: see your filters
       read:follows: see your follows
@@ -131,6 +132,7 @@ en:
       write: modify all your account's data
       write:accounts: modify your profile
       write:blocks: block accounts and domains
+      write:bookmarks: bookmark statuses
       write:favourites: favourite statuses
       write:filters: create filters
       write:follows: follow people

spec/controllers/api/v1/bookmarks_controller_spec.rb

@@ -4,7 +4,7 @@ RSpec.describe Api::V1::BookmarksController, type: :controller do
   render_views
 
   let(:user)  { Fabricate(:user) }
-  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
+  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:bookmarks') }
 
   describe 'GET #index' do
     context 'without token' do

spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb

@@ -7,7 +7,7 @@ describe Api::V1::Statuses::BookmarksController do
 
   let(:user)  { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
   let(:app)   { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
-  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write', application: app) }
+  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write:bookmarks', application: app) }
 
   context 'with an oauth token' do
     before do