make ApiKeyAuth work on non-safe routes

2025-11-10 05:53:06 +00:00 · 2025-11-09 14:52:58 +01:00
parent 2e9e1b6a78
commit 075c6f16ec
7 changed files with 115 additions and 26 deletions
--- a/club/api.py
+++ b/club/api.py
@@ -16,7 +16,7 @@ class ClubController(ControllerBase):
    @route.get(
        "/search",
        response=PaginatedResponseSchema[SimpleClubSchema],
-        auth=[SessionAuth(), ApiKeyAuth()],
+        auth=[ApiKeyAuth(), SessionAuth()],
        permissions=[CanAccessLookup],
        url_name="search_club",
    )
@@ -27,7 +27,7 @@ class ClubController(ControllerBase):
    @route.get(
        "/{int:club_id}",
        response=ClubSchema,
-        auth=[SessionAuth(), ApiKeyAuth()],
+        auth=[ApiKeyAuth(), SessionAuth()],
        permissions=[HasPerm("club.view_club")],
        url_name="fetch_club",
    )