api/job_by_id_manifest_GET: require oauth

buildsrht/blueprints/api.py

@@ -125,11 +125,12 @@ def artifacts_by_job_id_GET(job_id):
     return paginated_response(Artifact.id, artifacts)
 
 @api.route("/api/jobs/<int:job_id>/manifest")
+@oauth("jobs:read")
 def jobs_by_id_manifest_GET(job_id):
     job = Job.query.filter(Job.id == job_id).first()
     if not job:
         abort(404)
-    if job.visibility == Visibility.PRIVATE and ((current_token is None) or (job.owner_id != current_token.user_id)):
+    if job.visibility == Visibility.PRIVATE and job.owner_id != current_token.user_id:
         abort(404) # TODO: ACLs
     return Response(job.manifest, content_type="text/plain")