From 33715ccc5743575dced1e8ceec28949ad824f081 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Hanol?= <regis@hanol.fr>
Date: Thu, 19 Oct 2023 15:37:25 +0200
Subject: [PATCH] FEATURE: Add all user update API scopes (#24016)

There are a few PUT requests that users can do in their preferences tab that aren't going through the standard `user#update` action.

This commit adds all the "trivial" ones (aka. except the security-related one, username and email changes) so you can now change the badge title, the avatar or featured topic of a user via the API.
---
 app/models/api_key_scope.rb                |  9 ++++++++-
 spec/requests/admin/api_controller_spec.rb | 15 +++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/app/models/api_key_scope.rb b/app/models/api_key_scope.rb
index 857b250bfd7..d3a844d7c29 100644
--- a/app/models/api_key_scope.rb
+++ b/app/models/api_key_scope.rb
@@ -126,7 +126,14 @@ class ApiKeyScope < ActiveRecord::Base
             params: %i[username],
           },
           update: {
-            actions: %w[users#update],
+            actions: %w[
+              users#update
+              users#badge_title
+              users#pick_avatar
+              users#select_avatar
+              users#feature_topic
+              users#clear_featured_topic
+            ],
             params: %i[username],
           },
           log_out: {
diff --git a/spec/requests/admin/api_controller_spec.rb b/spec/requests/admin/api_controller_spec.rb
index 4c0f75d81c1..6592eec3bd4 100644
--- a/spec/requests/admin/api_controller_spec.rb
+++ b/spec/requests/admin/api_controller_spec.rb
@@ -464,6 +464,21 @@ RSpec.describe Admin::ApiController do
 
         expect(scopes["posts"].any? { |h| h["urls"].include?("/posts (GET)") }).to be_truthy
         expect(scopes["posts"].any? { |h| h["urls"].include?("/private-posts (GET)") }).to be_truthy
+
+        expect(scopes["users"].find { _1["key"] == "update" }["urls"]).to contain_exactly(
+          "/users/:username (PUT)",
+          "/users/:username/preferences/badge_title (PUT)",
+          "/users/:username/preferences/avatar/pick (PUT)",
+          "/users/:username/preferences/avatar/select (PUT)",
+          "/users/:username/feature-topic (PUT)",
+          "/users/:username/clear-featured-topic (PUT)",
+          "/u/:username (PUT)",
+          "/u/:username/preferences/badge_title (PUT)",
+          "/u/:username/preferences/avatar/pick (PUT)",
+          "/u/:username/preferences/avatar/select (PUT)",
+          "/u/:username/feature-topic (PUT)",
+          "/u/:username/clear-featured-topic (PUT)",
+        )
       end
     end