Aaltronav/dougal-software
1
0
Fork 0
mirror of https://gitlab.com/wgp/dougal/software.git synced 2025-12-06 07:37:08 +00:00
Code Issues Packages Projects Releases Activity

Ensure users have at least read access to most endpoints

Browse Source
This commit is contained in:
D. Berge
2025-07-11 22:49:28 +02:00
parent ca4a14ffd9
commit b035d3481c
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/www/server/api/index.js
View File

@@ -94,6 +94,8 @@ app.map({
// WARNING Every route from here onwards requires authentication!
//
app.use(mw.auth.authentify);
// Read access required for anything below here
app.use(mw.auth.access.read);
// Don't process the request if the data hasn't changed
app.use(mw.etag.ifNoneMatch);
@@ -101,7 +103,7 @@ app.use(mw.etag.ifNoneMatch);
// We must be authenticated before we can access these
app.map({
'/project': {
get: [ mw.project.get ], // Get list of projects
get: [ mw.project.get ], // Get list of projects, filtered by `read` access
post: [ mw.auth.access.admin, mw.project.post ], // Create a new project
},
'/project/:project': {