gateway: show run/tasks/steps if the project is public

If the project is public don't require the user to be logged in to show the run/tasks/logs
2019-07-01 16:40:02 +02:00 · 2019-07-01 16:40:02 +02:00 · 5c2bf8642f
parent 8d67844cc4
commit 5c2bf8642f
2 changed files with 5 additions and 5 deletions
--- a/internal/services/gateway/action/auth.go
+++ b/internal/services/gateway/action/auth.go
@ -194,13 +194,13 @@ func (h *ActionHandler) CanGetRun(ctx context.Context, runGroup string) (bool, e
 		visibility = types.VisibilityPrivate
 	}

+	if visibility == types.VisibilityPublic {
+		return true, nil
+	}
 	isProjectMember, err := h.IsProjectMember(ctx, ownerType, ownerID)
 	if err != nil {
 		return false, errors.Errorf("failed to determine ownership: %w", err)
 	}
-	if visibility == types.VisibilityPublic {
-		return true, nil
-	}
 	if !isProjectMember {
 		return false, nil
 	}
--- a/internal/services/gateway/gateway.go
+++ b/internal/services/gateway/gateway.go
@ -286,9 +286,9 @@ func (g *Gateway) Run(ctx context.Context) error {
 	apirouter.Handle("/orgs/{orgref}/members/{userref}", authForcedHandler(addOrgMemberHandler)).Methods("PUT")
 	apirouter.Handle("/orgs/{orgref}/members/{userref}", authForcedHandler(removeOrgMemberHandler)).Methods("DELETE")

-	apirouter.Handle("/runs/{runid}", authForcedHandler(runHandler)).Methods("GET")
+	apirouter.Handle("/runs/{runid}", authOptionalHandler(runHandler)).Methods("GET")
 	apirouter.Handle("/runs/{runid}/actions", authForcedHandler(runActionsHandler)).Methods("PUT")
-	apirouter.Handle("/runs/{runid}/tasks/{taskid}", authForcedHandler(runtaskHandler)).Methods("GET")
+	apirouter.Handle("/runs/{runid}/tasks/{taskid}", authOptionalHandler(runtaskHandler)).Methods("GET")
 	apirouter.Handle("/runs/{runid}/tasks/{taskid}/actions", authForcedHandler(runTaskActionsHandler)).Methods("PUT")
 	apirouter.Handle("/runs", authForcedHandler(runsHandler)).Methods("GET")