Apply new "write:principals" scope protection

padraic-shafer · web-flow · commit 75777a23a356 · 2023-12-12T18:04:18.000-08:00
diff --git a/tiled/authn_database/migrations/versions/769180ce732e_add_write_principals_scope_to_admin.py b/tiled/authn_database/migrations/versions/769180ce732e_add_write_principals_scope_to_admin.py
@@ -22,7 +22,7 @@
 
 def upgrade():
     """
-    Add 'write:principal' scope to default 'admin' Role.
+    Add 'write:principals' scope to default 'admin' Role.
     """
     connection = op.get_bind()
     with Session(bind=connection) as db:
diff --git a/tiled/server/authentication.py b/tiled/server/authentication.py
@@ -830,7 +830,7 @@ async def principal_list(
 )
 async def create_service_principal(
     request: Request,
-    principal=Security(get_current_principal, scopes=["read:principals"]),
+    principal=Security(get_current_principal, scopes=["write:principals"]),
     db=Depends(get_database_session),
     role: str = Query(...),
 ):

Original file line number	Diff line number	Diff line change
`@@ -830,7 +830,7 @@ async def principal_list(`
`830`	`830`	`)`
`831`	`831`	`async def create_service_principal(`
`832`	`832`	`request: Request,`
`833`		`- principal=Security(get_current_principal, scopes=["read:principals"]),`
	`833`	`+ principal=Security(get_current_principal, scopes=["write:principals"]),`
`834`	`834`	`db=Depends(get_database_session),`
`835`	`835`	`role: str = Query(...),`
`836`	`836`	`):`