From 84333321d68af6a71065ae2db48e0f51f3af874a Mon Sep 17 00:00:00 2001 From: Adrian Gruntkowski Date: Mon, 1 Jul 2024 15:43:49 +0200 Subject: [PATCH] Expose listing sites via Sites API to all API keys --- lib/plausible_web/plugs/authorize_api.ex | 2 +- lib/plausible_web/router.ex | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/plausible_web/plugs/authorize_api.ex b/lib/plausible_web/plugs/authorize_api.ex index 48611f2b92d9..4f91ed903a6f 100644 --- a/lib/plausible_web/plugs/authorize_api.ex +++ b/lib/plausible_web/plugs/authorize_api.ex @@ -13,7 +13,7 @@ defmodule PlausibleWeb.AuthorizeApiPlug do alias PlausibleWeb.Api.Helpers, as: H # Scopes permitted implicitly for every API key - @implicit_scopes ["stats:read:*"] + @implicit_scopes ["stats:read:*", "sites:read:*"] def init(opts) do opts diff --git a/lib/plausible_web/router.ex b/lib/plausible_web/router.ex index e241ee6657c3..b40f518bfc59 100644 --- a/lib/plausible_web/router.ex +++ b/lib/plausible_web/router.ex @@ -185,6 +185,12 @@ defmodule PlausibleWeb.Router do scope "/api/v1/sites", PlausibleWeb.Api do pipe_through :public_api + scope assigns: %{api_scope: "sites:read:*"} do + pipe_through PlausibleWeb.AuthorizeApiPlug + + get "/:site_id", ExternalSitesController, :get_site + end + scope assigns: %{api_scope: "sites:provision:*"} do pipe_through PlausibleWeb.AuthorizeApiPlug @@ -192,7 +198,6 @@ defmodule PlausibleWeb.Router do put "/shared-links", ExternalSitesController, :find_or_create_shared_link put "/goals", ExternalSitesController, :find_or_create_goal delete "/goals/:goal_id", ExternalSitesController, :delete_goal - get "/:site_id", ExternalSitesController, :get_site put "/:site_id", ExternalSitesController, :update_site delete "/:site_id", ExternalSitesController, :delete_site end