fix(api): add scopes for persons api access (#24528)
thmsobrmlr authored Aug 23, 2024
1 parent eca510d commit e0bba1e
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions posthog/api/person.py
@@ -391,7 +391,7 @@ def destroy(self, request: request.Request, pk=None, **kwargs):
except Person.DoesNotExist:
raise NotFound(detail="Person not found.")

@action(methods=["GET"], detail=False)
@action(methods=["GET"], detail=False, required_scopes=["person:read"])
def values(self, request: request.Request, **kwargs) -> response.Response:
key = request.GET.get("key")
value = request.GET.get("value")
@@ -434,7 +434,7 @@ def _get_person_property_values_for_key(self, key, value):

return result

@action(methods=["POST"], detail=True)
@action(methods=["POST"], detail=True, required_scopes=["person:write"])
def split(self, request: request.Request, pk=None, **kwargs) -> response.Response:
person: Person = self.get_object()
distinct_ids = person.distinct_ids
@@ -479,7 +479,7 @@ def split(self, request: request.Request, pk=None, **kwargs) -> response.Respons
),
]
)
@action(methods=["POST"], detail=True)
@action(methods=["POST"], detail=True, required_scopes=["person:write"])
def update_property(self, request: request.Request, pk=None, **kwargs) -> response.Response:
if request.data.get("value") is None:
return Response(
@@ -514,7 +514,7 @@ def update_property(self, request: request.Request, pk=None, **kwargs) -> respon
),
]
)
@action(methods=["POST"], detail=True)
@action(methods=["POST"], detail=True, required_scopes=["person:write"])
def delete_property(self, request: request.Request, pk=None, **kwargs) -> response.Response:
person: Person = get_pk_or_uuid(Person.objects.filter(team_id=self.team_id), pk).get()

@@ -567,7 +567,7 @@ def cohorts(self, request: request.Request) -> response.Response:

return response.Response({"results": CohortSerializer(cohorts, many=True).data})

@action(methods=["GET"], url_path="activity", detail=False)
@action(methods=["GET"], url_path="activity", detail=False, required_scopes=["activity_log:read"])
def all_activity(self, request: request.Request, **kwargs):
limit = int(request.query_params.get("limit", "10"))
page = int(request.query_params.get("page", "1"))
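Review bot: Nothing in this commit pins the five `required_scopes` values added to the `@action` decorators of `values`, `split`, `update_property`, `delete_property` and `all_activity`, since the only file changed is `posthog/api/person.py`; a later typo or a `person:read` copied onto a POST action would pass review unnoticed. I would add a parametrised API test that calls each action with a personal API key holding only the declared scope and expects success, and with only the opposite or an unrelated scope and expects a 403. On `all_activity` the scope is `activity_log:read` rather than `person:read`, so a key with no person scope at all can presumably read person activity through this route; if that is deliberate, a comment above the decorator such as `# gated by activity_log:read, not person:read, on purpose: <reason>` would record it. The decorator of `cohorts`, named in the last hunk header, and any other custom actions on this viewset lie outside the visible hunks, so whether they declare scopes needs checking separately.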