## Abhängigkeitsbaum und Scopes { #dependency-tree-and-scopes }

Sehen wir uns diesen Abhängigkeitsbaum und die Scopes noch einmal an.

Da die Abhängigkeit `get_current_active_user` von `get_current_user` abhängt, wird der bei `get_current_active_user` deklarierte Scope `"me"` in die Liste der erforderlichen Scopes in `security_scopes.scopes` aufgenommen, das an `get_current_user` übergeben wird.

Nevertheless, you still enforce those scopes, or any other security/authorization requirement, however you need, in your code.

In many cases, OAuth2 with scopes can be an overkill.

But if you know you need it, or you are curious, keep reading.

///

## OAuth2 scopes and OpenAPI { #oauth2-scopes-and-openapi }

Для этого используем `security_scopes.scopes`, содержащий `list` со всеми этими scopes как `str`.

{* ../../docs_src/security/tutorial005_an_py310.py hl[130:136] *}

## Дерево зависимостей и scopes { #dependency-tree-and-scopes }

Ещё раз рассмотрим дерево зависимостей и scopes.

                        * `security_scopes` 参数的属性 `scopes` 是包含上述声明的所有作用域的**列表**，因此：
                            * `security_scopes.scopes` 包含用于*路径操作*的 `["me", "items"]`
                            * `security_scopes.scopes` 包含*路径操作* `read_users_me` 的 `["me"]`，因为它在依赖项里被声明
                            * `security_scopes.scopes` 包含用于*路径操作* `read_system_status` 的 `[]`（空列表），并且它的依赖项 `get_current_user` 也没有声明任何 `scope`

/// tip | 提示

/// tip | Dica

A coisa importante e "mágica" aqui é que `get_current_user` terá diferentes listas de `scopes` para validar para cada *operação de rota*.

        if (scopeId == null || scopeId.isEmpty()) {
            scope = DependencyScope.COMPILE;
        } else {
            scope = DependencyScope.forId(scopeId);
        }
        return scope == null || !scope.isTransitive();
    }

    private Dependency merge(Dependency dep1, Dependency dep2) {
        throw new IllegalArgumentException("Duplicate dependency: " + getDependencyKey(dep1));
    }

        this.scopedVertices = scopedVertices;

        // scoped graph is versioned by definition
        if (scopedVertices) {
            versionedVertices = true;
        }
    }

    public ArtifactScopeEnum getScope() {
        return scope;
    }

    public void setScope(ArtifactScopeEnum scope) {
        this.scope = scope;
    }

        data = {}
        data["scopes"] = []
        for scope in form_data.scopes:
            data["scopes"].append(scope)
        if form_data.client_id:
            data["client_id"] = form_data.client_id
        if form_data.client_secret:
            data["client_secret"] = form_data.client_secret
        return data
    ```

    Note that for OAuth2 the scope `items:read` is a single scope in an opaque string.

		}

		if scopeList := getCfgVal(Scopes); scopeList != "" {
			var scopes []string
			for scope := range strings.SplitSeq(scopeList, ",") {
				scope = strings.TrimSpace(scope)
				if scope == "" {
					return c, config.Errorf("empty scope value is not allowed '%s', please refer to our documentation", scopeList)
				}
				scopes = append(scopes, scope)
			}

### <abbr title="Geltungsbereich">`scope`</abbr> { #scope }

Ferner sagt die Spezifikation, dass der Client ein weiteres Formularfeld "`scope`" („Geltungsbereich“) senden kann.

Der Name des Formularfelds lautet `scope` (im Singular), tatsächlich handelt es sich jedoch um einen langen String mit durch Leerzeichen getrennten „Scopes“.

Jeder „Scope“ ist nur ein String (ohne Leerzeichen).