From 468badf423e39ef813f74eb2090887ed781c3763 Mon Sep 17 00:00:00 2001
From: Conrad Hoffmann
Date: Mon, 11 Dec 2023 12:57:54 +0100
Subject: [PATCH] api/job_by_id_manifest_GET: require oauth

---
 buildsrht/blueprints/api.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/buildsrht/blueprints/api.py b/buildsrht/blueprints/api.py
index 9c1ab54..6e75bdd 100644
--- a/buildsrht/blueprints/api.py
+++ b/buildsrht/blueprints/api.py
@@ -125,11 +125,12 @@ def artifacts_by_job_id_GET(job_id):
 return paginated_response(Artifact.id, artifacts)

 @api.route("/api/jobs//manifest")
+@oauth("jobs:read")
 def jobs_by_id_manifest_GET(job_id):
 job = Job.query.filter(Job.id == job_id).first()
 if not job:
 abort(404)
- if job.visibility == Visibility.PRIVATE and ((current_token is None) or (job.owner_id != current_token.user_id)):
+ if job.visibility == Visibility.PRIVATE and job.owner_id != current_token.user_id:
 abort(404)
 # TODO: ACLs
 return Response(job.manifest, content_type="text/plain")
-- 
2.38.5
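Review bot: The rewritten private-job condition in `jobs_by_id_manifest_GET` dereferences `current_token.user_id` with no None guard, so it is only safe if `@oauth("jobs:read")` rejects every request lacking a valid token before the body runs; the decorator's implementation is not visible in this patch. A comment above the check would record that dependency, e.g. `# current_token is set by @oauth; private manifests are owner-only until ACLs exist`, so a later refactor that drops or reorders the decorator also restores the guard. Tests worth adding with this change: a request with no token and a token without `jobs:read` are both rejected by the decorator, and another user's token on a private job gets the same 404 as a missing job. Public and unlisted manifests also become token-only here, which is presumably intended given the subject line.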