Make permissions for AJAX dashboard backend match

If you don’t have permission to see the HTML dashboard, you shouldn’t be able to see the JSON one.
2026-06-20 05:02:30 -04:00 · 2016-04-25 11:23:45 +01:00
parent 7b540fe10b
commit 22ebc2ece5
1 changed files with 1 additions and 0 deletions
--- a/app/main/views/dashboard.py
+++ b/app/main/views/dashboard.py
@@ -57,6 +57,7 @@ def service_dashboard(service_id):

@main.route("/services/<service_id>/dashboard.json")
@login_required
+@user_has_permissions('view_activity', admin_override=True)
 def service_dashboard_updates(service_id):
    return jsonify(**{
        'today': render_template(