Fix the user API to throw the nicer 401 that the FE can handle.
This commit is contained in:
jakedt
parent
f1a7f86780
commit
8538455cef
1 changed files with 5 additions and 5 deletions
|
|
@ -8,14 +8,14 @@ from flask.ext.principal import identity_changed, AnonymousIdentity
|
|||
|
||||
from app import app
|
||||
from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
|
||||
log_action, internal_only, NotFound, Unauthorized, require_user_admin,
|
||||
require_user_read, InvalidToken, require_scope, format_date)
|
||||
log_action, internal_only, NotFound, require_user_admin,
|
||||
InvalidToken, require_scope, format_date)
|
||||
from endpoints.api.subscribe import subscribe
|
||||
from endpoints.common import common_login
|
||||
from data import model
|
||||
from data.plans import get_plan
|
||||
from auth.permissions import (AdministerOrganizationPermission, CreateRepositoryPermission,
|
||||
UserAdminPermission)
|
||||
UserAdminPermission, UserReadPermission)
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth import scopes
|
||||
from util.gravatar import compute_hash
|
||||
|
|
@ -126,12 +126,12 @@ class User(ApiResource):
|
|||
},
|
||||
}
|
||||
|
||||
@require_user_read
|
||||
@require_scope(scopes.READ_USER)
|
||||
@nickname('getLoggedInUser')
|
||||
def get(self):
|
||||
""" Get user information for the authenticated user. """
|
||||
user = get_authenticated_user()
|
||||
if user is None or user.organization:
|
||||
if user is None or user.organization or not UserReadPermission(user.username).can():
|
||||
raise InvalidToken("Requires authentication", payload={'session_required': False})
|
||||
|
||||
return user_view(user)
|
||||
|
|
|
|||
Reference in a new issue