From 96e15d285d5e02e5aae52a44c7300db921bdfd61 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 27 Jan 2014 13:55:40 -0500 Subject: [PATCH] Public building repositories should allow users to see the build status --- endpoints/api.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/endpoints/api.py b/endpoints/api.py index 21054b38b..da37c2508 100644 --- a/endpoints/api.py +++ b/endpoints/api.py @@ -1161,12 +1161,13 @@ def get_repo(namespace, repository): @api.route('/repository//build/', methods=['GET']) -@api_login_required @parse_repository_name def get_repo_builds(namespace, repository): - permission = ModifyRepositoryPermission(namespace, repository) - if permission.can(): + permission = ReadRepositoryPermission(namespace, repository) + is_public = model.repository_is_public(namespace, repository) + if permission.can() or is_public: def build_view(build_obj): + # TODO(jake): Filter these logs if the current user can only *read* the repo. if build_obj.status_url: # Delegate the status to the build node node_status = requests.get(build_obj.status_url).json() @@ -1190,7 +1191,7 @@ def get_repo_builds(namespace, repository): 'builds': [build_view(build) for build in builds] }) - abort(403) # Permissions denied + abort(403) # Permission denied @api.route('/repository//build/', methods=['POST'])