From b525f0948709fe0a15499f26a401444ab6edf9ec Mon Sep 17 00:00:00 2001 From: dogeystamp Date: Tue, 13 Jun 2023 11:44:58 -0400 Subject: [PATCH] anon users are now allowed in admin endpoints --- sachet/server/admin/views.py | 6 +++--- sachet/server/users/views.py | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sachet/server/admin/views.py b/sachet/server/admin/views.py index f70dd5a..118a1a9 100644 --- a/sachet/server/admin/views.py +++ b/sachet/server/admin/views.py @@ -9,17 +9,17 @@ admin_blueprint = Blueprint("admin_blueprint", __name__) class ServerSettingsAPI(ModelAPI): - @auth_required(required_permissions=(Permissions.ADMIN,)) + @auth_required(required_permissions=(Permissions.ADMIN,), allow_anonymous=True) def get(self, auth_user=None): settings = get_settings() return super().get(settings) - @auth_required(required_permissions=(Permissions.ADMIN,)) + @auth_required(required_permissions=(Permissions.ADMIN,), allow_anonymous=True) def patch(self, auth_user=None): settings = get_settings() return super().patch(settings) - @auth_required(required_permissions=(Permissions.ADMIN,)) + @auth_required(required_permissions=(Permissions.ADMIN,), allow_anonymous=True) def put(self, auth_user=None): settings = get_settings() return super().put(settings) diff --git a/sachet/server/users/views.py b/sachet/server/users/views.py index 54172d4..3c40aa9 100644 --- a/sachet/server/users/views.py +++ b/sachet/server/users/views.py @@ -197,12 +197,12 @@ users_blueprint.add_url_rule( class UserListAPI(ModelListAPI): - @auth_required(required_permissions=(Permissions.ADMIN,)) + @auth_required(required_permissions=(Permissions.ADMIN,), allow_anonymous=True) def post(self, auth_user=None): data = request.get_json() return super().post(User, data) - @auth_required(required_permissions=(Permissions.ADMIN,)) + @auth_required(required_permissions=(Permissions.ADMIN,), allow_anonymous=True) def get(self, auth_user=None): return super().get(User)