@@ 125,11 125,12 @@ def artifacts_by_job_id_GET(job_id):
return paginated_response(Artifact.id, artifacts)
@api.route("/api/jobs/<int:job_id>/manifest")
+@oauth("jobs:read")
def jobs_by_id_manifest_GET(job_id):
job = Job.query.filter(Job.id == job_id).first()
if not job:
abort(404)
- if job.visibility == Visibility.PRIVATE and ((current_token is None) or (job.owner_id != current_token.user_id)):
+ if job.visibility == Visibility.PRIVATE and job.owner_id != current_token.user_id:
abort(404) # TODO: ACLs
return Response(job.manifest, content_type="text/plain")