Allow field retrieval if not logged in
hobofan opened this issue · comments
When trying to set up integration tests for plow protege
/plow update
, I ran into the problem that apparently on the /v1/artifact/signed-url/<cksum>
route, requests without a valid token are not authorized, even for public fields.
Things to do here:
- Adjust backend so that requests for fields without an
Authorization
header are permitted - Adjust the logic in
plow_cli/src/resolve.rs
to not send anAuthorization
header if the field to be retrieved is public
Looks like this might be doable without backend changes by using the /v1/artifact/signed-url-by-field-hash/<cksum>
route.