Loosen key restriction on get notification

Currently getting a single notification by ID is restricted to notifications created with the same key type. This makes things awkward for the functional tests now we’ve removed the ability to create live keys in trial mode. So this commit removes the restriction, so that any key can get any notification, no matter how it was created. And you’re never going to guess a UUID, so the chances of this giving you privileged access to someone’s personal information is none. This does not change the get all notifications endpoint, which absolutely should be restricted by key type.
2026-02-03 09:51:11 -05:00 · 2016-10-10 17:29:38 +01:00
parent 88362cb075
commit 717e73a9f7
2 changed files with 3 additions and 6 deletions
--- a/app/notifications/rest.py
+++ b/app/notifications/rest.py
@@ -159,7 +159,7 @@ def process_firetext_response():
 def get_notification_by_id(notification_id):
    notification = notifications_dao.get_notification_with_personalisation(str(api_user.service_id),
                                                                           notification_id,
-                                                                           key_type=api_user.key_type)
+                                                                           key_type=None)
    return jsonify(data={"notification": notification_with_personalisation_schema.dump(notification).data}), 200