Add domain management scope

This splits the domains API into those who have just 'read' access (i.e without configuration details) and those who have 'manage' access.
2018-06-25 15:12:20 -07:00
parent 5028230354
commit 7ab5d5e50d
4 changed files with 19 additions and 10 deletions
@@ -4,7 +4,8 @@ exports = module.exports = {
    SCOPE_APPS: 'apps',
    SCOPE_CLIENTS: 'clients',
    SCOPE_CLOUDRON: 'cloudron',
-    SCOPE_DOMAINS: 'domains',
+    SCOPE_DOMAINS_READ: 'domains:read',
+    SCOPE_DOMAINS_MANAGE: 'domains:manage',
    SCOPE_MAIL: 'mail',
    SCOPE_PROFILE: 'profile',
    SCOPE_SETTINGS: 'settings',
@@ -32,7 +33,7 @@ const ROLE_DEFINITIONS = {
        scopes: exports.VALID_SCOPES
    },
    'manage_apps': {
-        scopes: [ 'apps', 'domains', 'users' ]
+        scopes: [ 'apps', 'domains:read', 'users' ]
    },
    'manage_users': {
        scopes: [ 'users' ]