From f5ee7a66971f01329ed79038d61470ba49e6ff1b Mon Sep 17 00:00:00 2001
From: Jake Moshenko <jake@Jakes-MacBook-Pro.local>
Date: Wed, 15 Jul 2015 18:13:15 -0400
Subject: [PATCH] Make the scopes dynamic based on app config.

---
 auth/scopes.py             | 16 +++++++++++-----
 endpoints/api/discovery.py |  3 ++-
 endpoints/common.py        |  2 +-
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/auth/scopes.py b/auth/scopes.py
index 23587d1b3..00633406d 100644
--- a/auth/scopes.py
+++ b/auth/scopes.py
@@ -69,8 +69,8 @@ SUPERUSER = Scope(scope='super:user',
                                'absolute trust in the requesting application before granting this '
                                'permission.'))
 
-ALL_SCOPES = {scope.scope:scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO,
-                                              READ_USER, ORG_ADMIN)}
+ALL_SCOPES = {scope.scope: scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO,
+                                               READ_USER, ORG_ADMIN, SUPERUSER)}
 
 IMPLIED_SCOPES = {
   ADMIN_REPO: {ADMIN_REPO, WRITE_REPO, READ_REPO},
@@ -79,12 +79,18 @@ IMPLIED_SCOPES = {
   CREATE_REPO: {CREATE_REPO},
   READ_USER: {READ_USER},
   ORG_ADMIN: {ORG_ADMIN},
+  SUPERUSER: {SUPERUSER},
   None: set(),
 }
 
-if features.SUPER_USERS:
-  ALL_SCOPES[SUPERUSER.scope] = SUPERUSER
-  IMPLIED_SCOPES[SUPERUSER] = {SUPERUSER}
+
+def app_scopes(app_config):
+  if not app_config.get('FEATURE_SUPER_USERS', False):
+    scopes_from_config = dict(ALL_SCOPES)
+    del scopes_from_config[SUPERUSER.scope]
+    return scopes_from_config
+  return ALL_SCOPES
+
 
 def scopes_from_scope_string(scopes):
   if not scopes:
diff --git a/endpoints/api/discovery.py b/endpoints/api/discovery.py
index 210410996..e8d3a3e47 100644
--- a/endpoints/api/discovery.py
+++ b/endpoints/api/discovery.py
@@ -220,7 +220,8 @@ def swagger_route_data(include_internal=False, compact=False):
         "type": "oauth2",
         "flow": "implicit",
         "authorizationUrl": "%s://%s/oauth/authorize" % (PREFERRED_URL_SCHEME, SERVER_HOSTNAME),
-        'scopes': {scope.scope:scope.description for scope in scopes.ALL_SCOPES.values()},
+        'scopes': {scope.scope:scope.description
+                   for scope in scopes.app_scopes(app.config).values()},
       },
     },
     'paths': paths,
diff --git a/endpoints/common.py b/endpoints/common.py
index 131c9f080..3fdc78baf 100644
--- a/endpoints/common.py
+++ b/endpoints/common.py
@@ -182,7 +182,7 @@ def render_page_template(name, **kwargs):
                                        feature_set=json.dumps(features.get_features()),
                                        config_set=json.dumps(getFrontendVisibleConfig(app.config)),
                                        oauth_set=json.dumps(get_oauth_config()),
-                                       scope_set=json.dumps(scopes.ALL_SCOPES),
+                                       scope_set=json.dumps(scopes.app_scopes(app.config)),
                                        mixpanel_key=app.config.get('MIXPANEL_KEY', ''),
                                        google_analytics_key=app.config.get('GOOGLE_ANALYTICS_KEY', ''),
                                        sentry_public_dsn=app.config.get('SENTRY_PUBLIC_DSN', ''),