routing is not a write operation

2023-12-03 20:06:16 +01:00 · 2023-12-03 20:06:16 +01:00 · ed94b81ecb
commit ed94b81ecb
parent 499eb0d1eb
2 changed files with 3 additions and 3 deletions
--- a/src/c3nav/api/newauth.py
+++ b/src/c3nav/api/newauth.py
@ -71,7 +71,7 @@ class APITokenAuth(HttpBearer):
            request.user = user
            return NewAPIAuth(
                method=APIAuthMethod.SESSION,
-                readonly=True,
+                readonly=False,
            )
        elif token.startswith("secret:"):
            try:
--- a/src/c3nav/routing/newapi/routing.py
+++ b/src/c3nav/routing/newapi/routing.py
@ -10,7 +10,7 @@ from ninja import Schema
 from pydantic import PositiveInt

 from c3nav.api.exceptions import APIRequestValidationFailed
-from c3nav.api.newauth import auth_responses, validate_responses
+from c3nav.api.newauth import auth_responses, validate_responses, APITokenAuth
 from c3nav.api.utils import NonEmptyStr
 from c3nav.mapdata.api import api_stats_clean_location_value
 from c3nav.mapdata.models.access import AccessPermission
@ -110,7 +110,7 @@ def get_request_pk(location):
    return location.slug if isinstance(location, Position) else location.pk


-@routing_api_router.post('/route/', summary="query route",
+@routing_api_router.post('/route/', summary="query route", auth=APITokenAuth(is_readonly=True),
                         description="query route between two locations",
                         response={200: RouteResponse | NoRouteResponse, **validate_responses, **auth_responses})
 # todo: route failure responses