From 441ce8fe19da32d26b878f963a65a7de8f2adb88 Mon Sep 17 00:00:00 2001 From: Chad Birch Date: Mon, 3 Feb 2014 16:16:32 -0700 Subject: [PATCH] Flair list: restrict access to mods (flair perms) --- r2/r2/controllers/api.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py index f19f8ed0a..659074616 100755 --- a/r2/r2/controllers/api.py +++ b/r2/r2/controllers/api.py @@ -3096,7 +3096,10 @@ class ApiController(RedditController, OAuth2ResourceController): @require_oauth2_scope("modflair") @paginated_listing(max_page_size=1000) - @validate(user = VFlairAccount('name')) + @validate( + VSrModerator(perms='flair'), + user=VFlairAccount('name'), + ) @api_doc(api_section.flair, uses_site=True) def GET_flairlist(self, num, after, reverse, count, user): flair = FlairList(num, after, reverse, '', user)