Add scopes to many org admin methods and remove the internal_only on ones we can now expose

endpoints/api/logs.py

@@ -5,10 +5,11 @@ from datetime import datetime, timedelta
 from endpoints.api import (resource, nickname, ApiResource, query_param, parse_args,
                            RepositoryParamResource, require_repo_admin, related_user_resource,
                            format_date, Unauthorized, NotFound, require_user_admin,
-                           internal_only, path_param)
+                           internal_only, path_param, require_scope)
 from auth.permissions import AdministerOrganizationPermission, AdministerOrganizationPermission
 from auth.auth_context import get_authenticated_user
 from data import model
+from auth import scopes
 
 
 def log_view(log):
@@ -64,7 +65,6 @@ def get_logs(start_time, end_time, performer_name=None, repository=None, namespa
 
 @resource('/v1/repository/<repopath:repository>/logs')
 @path_param('repository', 'The full path of the repository. e.g. namespace/name')
-@internal_only
 class RepositoryLogs(RepositoryParamResource):
   """ Resource for fetching logs for the specific repository. """
   @require_repo_admin
@@ -105,7 +105,6 @@ class UserLogs(ApiResource):
 
 @resource('/v1/organization/<orgname>/logs')
 @path_param('orgname', 'The name of the organization')
-@internal_only
 @related_user_resource(UserLogs)
 class OrgLogs(ApiResource):
   """ Resource for fetching logs for the entire organization. """
@@ -114,6 +113,7 @@ class OrgLogs(ApiResource):
   @query_param('starttime', 'Earliest time from which to get logs. (%m/%d/%Y %Z)', type=str)
   @query_param('endtime', 'Latest time to which to get logs. (%m/%d/%Y %Z)', type=str)
   @query_param('performer', 'Username for which to filter logs.', type=str)
+  @require_scope(scopes.ORG_ADMIN)
   def get(self, args, orgname):
     """ List the logs for the specified organization. """
     permission = AdministerOrganizationPermission(orgname)