Fix the user API to throw the nicer 401 that the FE can handle.

This commit is contained in:
jakedt 2014-03-25 17:58:19 -04:00
parent f1a7f86780
commit 8538455cef

View file

@ -8,14 +8,14 @@ from flask.ext.principal import identity_changed, AnonymousIdentity
from app import app
from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
log_action, internal_only, NotFound, Unauthorized, require_user_admin,
require_user_read, InvalidToken, require_scope, format_date)
log_action, internal_only, NotFound, require_user_admin,
InvalidToken, require_scope, format_date)
from endpoints.api.subscribe import subscribe
from endpoints.common import common_login
from data import model
from data.plans import get_plan
from auth.permissions import (AdministerOrganizationPermission, CreateRepositoryPermission,
UserAdminPermission)
UserAdminPermission, UserReadPermission)
from auth.auth_context import get_authenticated_user
from auth import scopes
from util.gravatar import compute_hash
@ -126,12 +126,12 @@ class User(ApiResource):
},
}
@require_user_read
@require_scope(scopes.READ_USER)
@nickname('getLoggedInUser')
def get(self):
""" Get user information for the authenticated user. """
user = get_authenticated_user()
if user is None or user.organization:
if user is None or user.organization or not UserReadPermission(user.username).can():
raise InvalidToken("Requires authentication", payload={'session_required': False})
return user_view(user)