Use the scope to determine what the user has access to

src/js/client.js

@@ -222,6 +222,7 @@ angular.module('Application').service('Client', ['$http', '$interval', 'md5', 'N
         this._userInfo.displayName = userInfo.displayName;
         this._userInfo.admin = !!userInfo.admin;
         this._userInfo.twoFactorAuthenticationEnabled = userInfo.twoFactorAuthenticationEnabled;
+        this._userInfo.scope = userInfo.scope;
         this._userInfo.gravatar = 'https://www.gravatar.com/avatar/' + md5.createHash(userInfo.email) + '.jpg?s=24&d=mm';
         this._userInfo.gravatarHuge = 'https://www.gravatar.com/avatar/' + md5.createHash(userInfo.email) + '.jpg?s=128&d=mm';
     };
@@ -263,11 +264,17 @@ angular.module('Application').service('Client', ['$http', '$interval', 'md5', 'N
         return token;
     };
 
+    Client.prototype.hasScope = function (scope) {
+        return this.getUserInfo().scope.split(',').indexOf(scope) !== -1;
+    };
+
     /*
      * Rest API wrappers
      */
     Client.prototype.config = function (callback) {
-        get('/api/v1/cloudron/config').success(function(data, status) {
+        var configRoute = this.hasScope('cloudron') ? '/api/v1/cloudron/config' : '/api/v1/user/cloudron_config';
+
+        get(configRoute).success(function(data, status) {
             if (status !== 200 || typeof data !== 'object') return callback(new ClientError(status, data));
             callback(null, data);
         }).error(defaultErrorHandler(callback));
@@ -1028,7 +1035,9 @@ angular.module('Application').service('Client', ['$http', '$interval', 'md5', 'N
 
         callback = typeof callback === 'function' ? callback : function () {};
 
-        this.getAppsByUser(function (error, apps) {
+        var getAppsFunc = this.hasScope('apps') ? this.getApps : this.getAppsByUser;
+
+        getAppsFunc(function (error, apps) {
             if (error) return callback(error);
 
             // insert or update new apps