Fix some privacy issues

2025-11-04 04:12:45 +00:00 · 2023-04-11 11:46:33 +02:00
parent 77fc8a42f1
commit 3a2295487c
27 changed files with 102 additions and 79 deletions
--- a/app/corpora/followers/json_routes.py
+++ b/app/corpora/followers/json_routes.py
@@ -1,5 +1,5 @@
 from flask import abort, jsonify, request
-from flask_login import current_user, login_required
+from flask_login import current_user
 from app import db
 from app.decorators import content_negotiation
 from app.models import (
@@ -13,7 +13,6 @@ from . import bp


@bp.route('/<hashid:corpus_id>/followers', methods=['POST'])
-@login_required
@corpus_owner_or_admin_required
@content_negotiation(consumes='application/json', produces='application/json')
 def create_corpus_followers(corpus_id):
@@ -35,7 +34,6 @@ def create_corpus_followers(corpus_id):


@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>/role', methods=['PUT'])
-@login_required
@corpus_owner_or_admin_required
@content_negotiation(consumes='application/json', produces='application/json')
 def update_corpus_follower_role(corpus_id, follower_id):
@@ -58,7 +56,6 @@ def update_corpus_follower_role(corpus_id, follower_id):


@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>', methods=['DELETE'])
-@login_required
@content_negotiation(produces='application/json')
 def delete_corpus_follower(corpus_id, follower_id):
    corpus = Corpus.query.get_or_404(corpus_id)