Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix GET /event-types permission regression (#736)
This PR fixes a regression with the `GET /event-type` endpoint. ## Motivation In [#674](cc01b84#diff-2a76cfc85cbfeae62fdc056d281dfa9a9c61fdfcb434435b02993b5cd31ddf58), we refactored a lot of our permission logic so that the `Permission` struct was no longer extracted directly in axum handlers. Instead, a `permission::<Struct>` is extracted instead, which describes the resources the user has authorized access too. The regression was introduced [here](cc01b84#diff-2a76cfc85cbfeae62fdc056d281dfa9a9c61fdfcb434435b02993b5cd31ddf58L176). Originally, `GET /event-type` accepted the `Permission` struct directly - which effectively means any authenticated user has access, but it was changed to `permissions::Organization`, which [enforces org-only access](cc01b84#diff-6482eed99ed190ec2d1e3da2390b61e530eb26e6f8bd4d24cfa5149a95401e77R33). ## Solution Update the `GET /event-type` to accept any authenticated user. Conceptually this maps to `permissions::ReadAll`, which is equivalent to the original code where the `Permission` struct was extracted directly in the Axum handler.
- Loading branch information