From fa7ffd9d1594a5bc9dba4fc65af0a4100988341b Mon Sep 17 00:00:00 2001
From: Fabian Mastenbroek
Date: Fri, 2 Jul 2021 16:47:40 +0200
Subject: api: Restrict API scopes
This change adds support for restricting API scopes in the OpenDC API server. This is necessary to make a distinction between runners and regular users.
---
 opendc-web/opendc-web-api/opendc/api/jobs.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'opendc-web/opendc-web-api/opendc/api/jobs.py')
diff --git a/opendc-web/opendc-web-api/opendc/api/jobs.py b/opendc-web/opendc-web-api/opendc/api/jobs.py
index 5feaea16..6fb0522b 100644
--- a/opendc-web/opendc-web-api/opendc/api/jobs.py
+++ b/opendc-web/opendc-web-api/opendc/api/jobs.py
@@ -22,7 +22,7 @@ from flask_restful import Resource
 from marshmallow import fields, Schema, validate
 from werkzeug.exceptions import BadRequest, Conflict
-from opendc.exts import requires_auth
+from opendc.exts import requires_auth, requires_scope
 from opendc.models.scenario import Scenario
@@ -54,7 +54,7 @@ class JobList(Resource):
 """
 Resource representing the list of available jobs.
 """
- method_decorators = [requires_auth]
+ method_decorators = [requires_auth, requires_scope('runner')]
 def get(self):
 """Get all available jobs."""
@@ -67,7 +67,7 @@ class Job(Resource):
 """
 Resource representing a single job.
 """
- method_decorators = [requires_auth]
+ method_decorators = [requires_auth, requires_scope('runner')]
 def get(self, job_id):
 """Get the details of a single job."""
-- cgit v1.2.3
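Review bot: The order of the new `method_decorators` lists on `JobList` and `Job` puts the scope check in front of authentication, because Flask-RESTful applies the list in order and the last entry ends up as the outermost wrapper. With `[requires_auth, requires_scope('runner')]`, `requires_scope('runner')` runs first and only then `requires_auth`; `opendc.exts` is not shown here, so if the scope decorator reads claims from the request token it would be doing so before the token has been validated, and an unauthenticated caller would get the scope error rather than the authentication error. Listing them as `method_decorators = [requires_scope('runner'), requires_auth]` makes authentication the outer check in both classes. Both class bodies continue outside their hunks, so confirm that every handler on `Job` (not only `get`) is meant to be runner-only.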