- # Is the current client permitted to perform ALL actions on behalf
- # of the authenticated user?
- def current_api_client_trusted
- Thread.current[:api_client_trusted]
+ # Does the current API client authorization include any of ok_scopes?
+ def current_api_client_auth_has_scope(ok_scopes)
+ auth_scopes = current_api_client_authorization.andand.scopes || []
+ unless auth_scopes.index('all') or (auth_scopes & ok_scopes).any?
+ logger.warn "Insufficient auth scope: need #{ok_scopes}, #{current_api_client_authorization.inspect} has #{auth_scopes}"
+ return false
+ end
+ true