From 7e98097c710663609274200564fca9eff1ea4d20 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Thu, 10 Aug 2023 14:21:52 +0200
Subject: [PATCH] fix(apps): add missing app scopes

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 js/src/components/OAuth/scopes.ts      | 49 +++++++++++++++++++++++++-
 js/src/i18n/en_US.json                 | 14 +++++++-
 js/src/i18n/fr_FR.json                 | 14 +++++++-
 lib/graphql/authorization/app_scope.ex |  7 ++++
 lib/graphql/schema/user.ex             | 14 ++++----
 5 files changed, 88 insertions(+), 10 deletions(-)

diff --git a/js/src/components/OAuth/scopes.ts b/js/src/components/OAuth/scopes.ts
index dfd1ccc15..25a0cdb85 100644
--- a/js/src/components/OAuth/scopes.ts
+++ b/js/src/components/OAuth/scopes.ts
@@ -133,10 +133,57 @@ export const scope: Record<
   "write:group:members": {
     title: t("Manage group members"),
     text: t(
-      "This application will be allowed to manage group members in all of the groups you're a member of"
+      "This application will be allowed to list group members in all of the groups you're a member of"
     ),
     icon: "account-circle",
   },
+  "read:user:media": {
+    title: t("Read user media"),
+    text: t(
+      "This application will be allowed to list the media you've uploaded"
+    ),
+    icon: "image",
+  },
+  "read:user:settings": {
+    title: t("Read user settings"),
+    text: t("This application will be allowed to access your user settings"),
+    icon: "cog",
+  },
+  "read:user:activity_settings": {
+    title: t("Read user activity settings"),
+    text: t(
+      "This application will be allowed to access your user activity settings"
+    ),
+    icon: "cog",
+  },
+  "read:user:participations": {
+    title: t("Read user participations"),
+    text: t(
+      "This application will be allowed to list and view the events you're participating to"
+    ),
+    icon: "account-circle",
+  },
+  "read:user:memberships": {
+    title: t("Read user memberships"),
+    text: t(
+      "This application will be allowed to list and view the groups you're a member of"
+    ),
+    icon: "account-circle",
+  },
+  "read:user:draft_events": {
+    title: t("Access drafts events"),
+    text: t(
+      "This application will be allowed to list and view your draft events"
+    ),
+    icon: "calendar",
+  },
+  "read:user:group_suggested_events": {
+    title: t("Access group suggested events"),
+    text: t(
+      "This application will be allowed to list your suggested group events"
+    ),
+    icon: "calendar",
+  },
   "read:profile:organized_events": {
     title: t("Access organized events"),
     text: t(
diff --git a/js/src/i18n/en_US.json b/js/src/i18n/en_US.json
index c78839b8a..dc52d2ec0 100644
--- a/js/src/i18n/en_US.json
+++ b/js/src/i18n/en_US.json
@@ -1567,5 +1567,17 @@
   "Announcements": "Announcements",
   "Application authorized": "Application authorized",
   "Check your device to continue. You may now close this window.": "Check your device to continue. You may now close this window.",
-  "Participants to {eventTitle}": "Participants to {eventTitle}"
+  "Participants to {eventTitle}": "Participants to {eventTitle}",
+  "Read user media": "Read user media",
+  "This application will be allowed to list the media you've uploaded": "This application will be allowed to list the media you've uploaded",
+  "Read user settings": "Read user settings",
+  "This application will be allowed to access your user settings": "This application will be allowed to access your user settings",
+  "Read user activity settings": "Read user activity settings",
+  "This application will be allowed to access your user activity settings": "This application will be allowed to access your user activity settings",
+  "Read user participations": "Read user participations",
+  "Read user memberships": "Read user memberships",
+  "Access drafts events": "Access drafts events",
+  "This application will be allowed to list and view your draft events": "This application will be allowed to list and view your draft events",
+  "Access group suggested events": "Access group suggested events",
+  "This application will be allowed to list your suggested group events": "This application will be allowed to list your suggested group events"
 }
\ No newline at end of file
diff --git a/js/src/i18n/fr_FR.json b/js/src/i18n/fr_FR.json
index 5a4fdaf0a..bc91b3b8e 100644
--- a/js/src/i18n/fr_FR.json
+++ b/js/src/i18n/fr_FR.json
@@ -1563,5 +1563,17 @@
   "© The OpenStreetMap Contributors": "© Les Contributeur⋅ices OpenStreetMap",
   "Application authorized": "Application autorisée",
   "Check your device to continue. You may now close this window.": "Vérifiez votre appareil pour continuer. Vous pouvez maintenant fermer cette fenêtre.",
-  "Participants to {eventTitle}": "Participant·es à {eventTitle}"
+  "Participants to {eventTitle}": "Participant·es à {eventTitle}",
+  "Read user media": "Lire les médias utilisateur·ice",
+  "This application will be allowed to list the media you've uploaded": "Cette application sera autorisée a lister les médias que vous avez téléversé",
+  "Read user settings": "Lire les paramètres utilisateur·ice",
+  "This application will be allowed to access your user settings": "Cette application sera autorisée a accéder à vos paramètres utilisateur·ice",
+  "Read user activity settings": "Lire les paramètres d'activité utilisateur·ice",
+  "This application will be allowed to access your user activity settings": "Cette application sera autorisée a accéder à vos paramètres utilisateur·ice d'activité",
+  "Read user participations": "Accéder aux participations de l'utilisateur·ice",
+  "Read user memberships": "Accéder aux adhésions de l'utilisateur·ice",
+  "Access drafts events": "Accéder aux événements brouillons",
+  "This application will be allowed to list and view your draft events": "Cetta application sera autorisée à lister et accéder à vos événements brouillons",
+  "Access group suggested events": "Accéder aux événements des groupes suggérés",
+  "This application will be allowed to list your suggested group events": "Cetta application sera autorisée à lister les événements de vos groupes qui vous sont suggérés"
 }
diff --git a/lib/graphql/authorization/app_scope.ex b/lib/graphql/authorization/app_scope.ex
index ebf5c5943..64e55e86c 100644
--- a/lib/graphql/authorization/app_scope.ex
+++ b/lib/graphql/authorization/app_scope.ex
@@ -55,7 +55,14 @@ defmodule Mobilizon.GraphQL.Authorization.AppScope do
       :"read:event",
       :"read:event:participants",
       :"read:event:participants:export",
+      # User permissions
+      :"read:user:media",
       :"read:user:settings",
+      :"read:user:activity_settings",
+      :"read:user:participations",
+      :"read:user:memberships",
+      :"read:user:draft_events",
+      :"read:user:group_suggested_events",
       # Profile permissions
       :"read:profile",
       :"read:profile:organized_events",
diff --git a/lib/graphql/schema/user.ex b/lib/graphql/schema/user.ex
index 5588a414a..be5ea3a96 100644
--- a/lib/graphql/schema/user.ex
+++ b/lib/graphql/schema/user.ex
@@ -71,7 +71,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
 
     field(:participations, :paginated_participant_list,
       description: "The list of participations this user has",
-      meta: [private: true]
+      meta: [private: true, rule: :"read:user:participations"]
     ) do
       arg(:after_datetime, :datetime, description: "Filter participations by event start datetime")
 
@@ -92,7 +92,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
 
     field(:memberships, :paginated_member_list,
       description: "The list of memberships for this user",
-      meta: [private: true]
+      meta: [private: true, rule: :"read:user:memberships"]
     ) do
       arg(:name, :string, description: "A name to filter members by")
 
@@ -107,7 +107,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
 
     field(:drafts, :paginated_event_list,
       description: "The list of draft events this user has created",
-      meta: [private: true]
+      meta: [private: true, rule: :"read:user:draft_events"]
     ) do
       arg(:page, :integer,
         default_value: 1,
@@ -120,7 +120,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
 
     field(:followed_group_events, :paginated_followed_group_events,
       description: "The suggested events from the groups this user follows",
-      meta: [private: true]
+      meta: [private: true, rule: :"read:user:group_suggested_events"]
     ) do
       arg(:page, :integer,
         default_value: 1,
@@ -141,7 +141,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
 
     field(:settings, :user_settings,
       description: "The list of settings for this user",
-      meta: [private: true]
+      meta: [private: true, rule: :"read:user:settings"]
     ) do
       resolve(&User.user_settings/3)
     end
@@ -158,7 +158,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
 
     field(:media, :paginated_media_list,
       description: "The user's media objects",
-      meta: [private: true]
+      meta: [private: true, rule: :"read:user:media"]
     ) do
       arg(:page, :integer,
         default_value: 1,
@@ -176,7 +176,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
 
     field(:activity_settings, list_of(:activity_setting),
       description: "The user's activity settings",
-      meta: [private: true]
+      meta: [private: true, rule: :"read:user:activity_settings"]
     ) do
       resolve(&ActivitySettings.user_activity_settings/3)
     end