From 63cbb672711882cd6e8ab2575531780c9cf0d170 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Sat, 9 Dec 2023 10:36:38 +0100 Subject: [PATCH] builds.sr.ht: fix /api/.../manifest for logged out user --- buildsrht/blueprints/api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildsrht/blueprints/api.py b/buildsrht/blueprints/api.py index e0ad7d0..accd25a 100644 --- a/buildsrht/blueprints/api.py +++ b/buildsrht/blueprints/api.py @@ -129,7 +129,7 @@ def jobs_by_id_manifest_GET(job_id): job = Job.query.filter(Job.id == job_id).first() if not job: abort(404) - if job.visibility == Visibility.PRIVATE and job.owner_id != current_token.user_id: + if job.visibility == Visibility.PRIVATE and (current_user is None or job.owner_id != current_token.user_id): abort(404) # TODO: ACLs return Response(job.manifest, content_type="text/plain") -- 2.38.5