2024-04-10 20:59:57 +02:00
|
|
|
- `user`
|
|
|
|
- `user.read_hidden`: read current user's hidden data.
|
|
|
|
This includes data such as timezone and whether the user's member list is hidden.
|
|
|
|
- `user.read_privileged`: read privileged user data such as authentication methods
|
|
|
|
- `user.update`: update current user. This scope cannot update privileged data. This scope implies `user.read_hidden`.
|
|
|
|
- `member`
|
|
|
|
- `member.read`: read member list, even if it's hidden, including hidden members.
|
|
|
|
- `member.update`: update and delete existing members.
|
|
|
|
While `update` and `delete` could be separate, that might lull users into a false sense of security,
|
|
|
|
as it would still be possible to clear members and scramble their names,
|
|
|
|
which would be equivalent to `delete` anyway.
|
|
|
|
- `member.create`: create new members
|