major security fix: adding api keys should be admin-only

This commit is contained in:
jesopo 2019-10-18 15:17:04 +01:00
parent f7d34e16bb
commit 4391176c7f

View file

@ -193,6 +193,7 @@ class Module(ModuleManager.BaseModule):
@utils.kwarg("usage", "add <alias> [endpoint [endpoint ...]]") @utils.kwarg("usage", "add <alias> [endpoint [endpoint ...]]")
@utils.kwarg("usage", "remove <alias>") @utils.kwarg("usage", "remove <alias>")
@utils.kwarg("usage", "info <alias>") @utils.kwarg("usage", "info <alias>")
@utils.kwarg("permission", "apikey")
def apikey(self, event): def apikey(self, event):
subcommand = event["args_split"][0].lower() subcommand = event["args_split"][0].lower()
alias = None alias = None