#739 incognito fix - throw 401 unauthorized without token

OpenSourceBrain · Dec 25, 2023 · 071f56e · 071f56e
1 parent 7d3ead3
commit 071f56e
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/applications/workspaces/server/workspaces/service/crud_service.py b/applications/workspaces/server/workspaces/service/crud_service.py
@@ -237,6 +237,8 @@ def clone(self, workspace_id):
 
     def is_authorized(self, workspace):
         current_user_id = keycloak_user_id()
+        if not current_user_id:
+            return False
         return workspace and (workspace.publicable or
                               (workspace.user_id and workspace.user_id == current_user_id) or
                               (get_auth_client().user_has_realm_role(user_id=current_user_id, role="administrator")))
@@ -299,6 +301,8 @@ def to_dao(cls, d: dict) -> TWorkspaceEntity:
     def get(self, id_):
 
         workspace: Workspace = super().get(id_)
+        if not self.is_authorized(workspace):
+            raise NotAuthorized()
 
         if any(wr.status == ResourceStatus.P for wr in workspace.resources):
             fake_path = f"Importing resources"