darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-05-27 09:29:22 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix a bug were the user_has_permission.

Browse Source 
This is an immediate fix to add the permission checks to the callback page.
However, we have a plan to add a unit test to check for permission introspectively for all routes that have service_id.
This commit is contained in:
Rebecca Law
2019-06-27 12:20:58 +01:00
parent 149003c52c
commit 21c23c276f
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/main/views/api_keys.py
View File

@@ -169,6 +169,7 @@ def check_token_against_dummy_bearer(token):
@main.route("/services/<service_id>/api/callbacks", methods=['GET'])
@login_required
@user_has_permissions('manage_api_keys')
def api_callbacks(service_id):
if not current_service.has_permission('inbound_sms'):
return redirect(url_for('.delivery_status_callback', service_id=service_id))
@@ -193,6 +194,7 @@ def get_delivery_status_callback_details():
@main.route("/services/<service_id>/api/callbacks/delivery-status-callback", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_api_keys')
def delivery_status_callback(service_id):
delivery_status_callback = get_delivery_status_callback_details()
back_link = (
@@ -255,6 +257,7 @@ def get_received_text_messages_callback():
@main.route("/services/<service_id>/api/callbacks/received-text-messages-callback", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_api_keys')
def received_text_messages_callback(service_id):
if not current_service.has_permission('inbound_sms'):
return redirect(url_for('.api_integration', service_id=service_id))