From 8538455cefc720c3daa2c002199866d479675b2a Mon Sep 17 00:00:00 2001
From: jakedt
Date: Tue, 25 Mar 2014 17:58:19 -0400
Subject: [PATCH] Fix the user API to throw the nicer 401 that the FE can handle.

---
 endpoints/api/user.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/endpoints/api/user.py b/endpoints/api/user.py
index 831514f80..ba245209c 100644
--- a/endpoints/api/user.py
+++ b/endpoints/api/user.py
@@ -8,14 +8,14 @@ from flask.ext.principal import identity_changed, AnonymousIdentity
 
 from app import app
 from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
-                           log_action, internal_only, NotFound, Unauthorized, require_user_admin,
-                           require_user_read, InvalidToken, require_scope, format_date)
+                           log_action, internal_only, NotFound, require_user_admin,
+                           InvalidToken, require_scope, format_date)
 from endpoints.api.subscribe import subscribe
 from endpoints.common import common_login
 from data import model
 from data.plans import get_plan
 from auth.permissions import (AdministerOrganizationPermission, CreateRepositoryPermission,
-                              UserAdminPermission)
+                              UserAdminPermission, UserReadPermission)
 from auth.auth_context import get_authenticated_user
 from auth import scopes
 from util.gravatar import compute_hash
@@ -126,12 +126,12 @@ class User(ApiResource):
     },
   }
 
-  @require_user_read
+  @require_scope(scopes.READ_USER)
   @nickname('getLoggedInUser')
   def get(self):
     """ Get user information for the authenticated user. """
     user = get_authenticated_user()
-    if user is None or user.organization:
+    if user is None or user.organization or not UserReadPermission(user.username).can():
       raise InvalidToken("Requires authentication", payload={'session_required': False})
 
     return user_view(user)
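Review bot: In the second hunk the added `not UserReadPermission(user.username).can()` clause reports an authorization failure as an authentication failure: a caller whose identity was loaded but lacks read permission on its own account gets the same `InvalidToken("Requires authentication", payload={'session_required': False})` as an anonymous request, and a frontend that treats that response as "no session" may discard a still-valid session. If collapsing 403 into 401 is deliberate (the commit title suggests the FE only handles the 401), record it on the line, e.g. `# Deliberately a 401 rather than 403: the FE treats InvalidToken as "log in again".`; otherwise split the condition so the permission branch raises the forbidden exception that the first hunk removes from the import list. That first hunk also drops `Unauthorized` and `require_user_read` from the imports, which is only safe if nothing else in endpoints/api/user.py references them — the diff cannot show that. `get` is the only method visible; class `User` starts outside the hunk.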