fix: correct Exist action scope requirements
- `exist_oauth2_authorize`, which only builds the OAuth authorization URL and is part of the auth flow exception
- `get_attribute_templates`, where the canonical docs do not state a scope restriction

| Action | Code path | Real endpoint / behavior | Old `_scopes` | New `_scopes` | Decision |
|---|---|---|---|---|---|
| `EXIST_EXIST_GET_CORRELATIONS` | `apps/exist/actions/exist_get_correlations.py` | `GET /api/2/correlations/` | none | `{"all_of": [{"any_of": [17 *_read scopes]}]}` | Changed — docs say correlation results are limited to read scopes. Correlations · OAuth2 scopes · Guide |
| `EXIST_EXIST_GET_USER_ATTRIBUTES` | `apps/exist/actions/exist_get_user_attributes.py` | `GET /api/2/attributes/` | none | `{"all_of": [{"any_of": [17 *_read scopes]}]}` | Changed — docs say user-attribute results are limited to read scopes. Attributes · OAuth2 scopes |
| `EXIST_EXIST_OAUTH2_AUTHORIZE` | `apps/exist/actions/exist_oauth2_authorize.py` | local URL builder for `/oauth2/authorize`; no API call | 30 read/write scopes | none | Changed — auth-flow endpoints are exempt from the normal auth requirement, and this action just constructs the URL. OAuth2 auth |
| `EXIST_GET_ATTRIBUTE_TEMPLATES` | `apps/exist/actions/get_attribute_templates.py` | `GET /api/2/attributes/templates/` | none | none | Reviewed, not changed — docs show Bearer auth but do not say this endpoint is limited to read scopes. Attributes |

- `EXIST_ACQUIRE_ATTRIBUTE_OWNERSHIP` — existing write scopes already match `/api/2/attributes/acquire/`. Attribute ownership
- `EXIST_EXIST_INCREMENT_ATTRIBUTE_VALUES` — existing write scopes already match `/api/2/attributes/increment/`. Writing data
- `EXIST_GET_ATTRIBUTES_WITH_VALUES` — existing read scopes already match the docs.
- `EXIST_GET_AVERAGES` — existing read scopes already match the OAuth2/read-data docs.
- `EXIST_GET_INSIGHTS` — existing read scopes already match the OAuth2/read-data docs.
- `EXIST_GET_OWNED_ATTRIBUTES` — existing write scopes already match `/api/2/attributes/owned/` ownership semantics.
- `EXIST_GET_USER_PROFILE` — no scopes remains correct; the guide says clients can see profile details without requesting a dedicated scope. Guide
- `EXIST_RELEASE_ATTRIBUTE_OWNERSHIP` — existing write scopes already match `/api/2/attributes/release/`. Attribute ownership

- `uv run nox -s fmt_app -- apps/exist`
- `uv run nox -s chk_app -- apps/exist`
- `uv run python ... ActionBuilder.validate_scopes(...)` across all Exist actions
- `python3 -m compileall apps/exist`

All passed.
bugbot pass
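
How a requirement of the form `{"all_of": [{"any_of": [...]}]}` from the table could be evaluated against a token's granted scopes, as an added example that is not part of this pull request or the project's code. The `satisfies` function, its evaluation semantics and the `example_*` scope names are assumptions made for illustration.

```python
# Added example: evaluates a nested all_of / any_of scope requirement.
# The semantics are an assumption inferred from the table's notation,
# not the project's ActionBuilder.validate_scopes implementation.

def satisfies(requirement, granted):
    """Return True if the granted scope set meets the requirement.

    requirement is None (no scopes needed), a scope string, or a dict with
    exactly one key, "all_of" or "any_of", mapping to a list of requirements.
    """
    if requirement is None:
        return True
    if isinstance(requirement, str):
        return requirement in granted
    if not isinstance(requirement, dict) or len(requirement) != 1:
        raise ValueError(f"malformed requirement: {requirement!r}")
    (op, children), = requirement.items()
    if not isinstance(children, list) or not children:
        # all([]) is True in Python, so an empty all_of would fail open.
        raise ValueError(f"{op} needs a non-empty list")
    if op == "all_of":
        return all(satisfies(c, granted) for c in children)
    if op == "any_of":
        return any(satisfies(c, granted) for c in children)
    raise ValueError(f"unknown operator: {op!r}")


# Constructed sample: three placeholder names standing in for the
# 17 *_read scopes the table refers to.
READ_SCOPES = ["example_a_read", "example_b_read", "example_c_read"]
READ_REQUIREMENT = {"all_of": [{"any_of": READ_SCOPES}]}


def check_tokens():
    """Evaluate constructed tokens against the read requirement."""
    return {
        "one_read": satisfies(READ_REQUIREMENT, {"example_b_read"}),
        "write_only": satisfies(READ_REQUIREMENT, {"example_a_write"}),
        "no_scopes": satisfies(READ_REQUIREMENT, set()),
        # An action with no requirement, like the URL builder row.
        "no_requirement": satisfies(None, set()),
    }


if __name__ == "__main__":
    for name, ok in check_tokens().items():
        print(f"{name}: {'allowed' if ok else 'denied'}")
```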