From 63cbb672711882cd6e8ab2575531780c9cf0d170 Mon Sep 17 00:00:00 2001
From: Drew DeVault <sir@cmpwn.com>
Date: Sat, 9 Dec 2023 10:36:38 +0100
Subject: [PATCH] builds.sr.ht: fix /api/.../manifest for logged out user

---
 buildsrht/blueprints/api.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildsrht/blueprints/api.py b/buildsrht/blueprints/api.py
index e0ad7d0..accd25a 100644
--- a/buildsrht/blueprints/api.py
+++ b/buildsrht/blueprints/api.py
@@ -129,7 +129,7 @@ def jobs_by_id_manifest_GET(job_id):
     job = Job.query.filter(Job.id == job_id).first()
     if not job:
         abort(404)
-    if job.visibility == Visibility.PRIVATE and job.owner_id != current_token.user_id:
+    if job.visibility == Visibility.PRIVATE and (current_user is None or job.owner_id != current_token.user_id):
         abort(404) # TODO: ACLs
     return Response(job.manifest, content_type="text/plain")
 
-- 
2.38.5