fix: permission for /metadata/json:submit needed

given that anyone can create an account via ORCiD.
microbiomedata · Dec 13, 2023 · 93411e5 · 93411e5
1 parent 5708461
commit 93411e5
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/nmdc_runtime/api/endpoints/metadata.py b/nmdc_runtime/api/endpoints/metadata.py
@@ -239,6 +239,11 @@ async def submit_json_nmdcdb(
     Submit a NMDC JSON Schema "nmdc:Database" object.
 
     """
+    if not permitted(user.username, "/metadata/json:submit"):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Only specific users are allowed to submit json at this time.",
+        )
     rv = validate_json(docs, mdb)
     if rv["result"] == "errors":
         raise HTTPException(

diff --git a/nmdc_runtime/api/main.py b/nmdc_runtime/api/main.py
@@ -302,16 +302,12 @@ def ensure_default_api_perms():
     allowed = {
         "/metadata/changesheets:submit": [
             "admin",
-            "dwinston",
-            "mam",
-            "montana",
-            "pajau",
-            "spatil",
         ],
         "/queries:run(query_cmd:DeleteCommand)": [
             "admin",
-            "dwinston",
-            "scanon",
+        ],
+        "/metadata/json:submit": [
+            "admin",
         ],
     }
     for doc in [