From 4391176c7fd4688fbbd85d2497fb1c3a762fb74a Mon Sep 17 00:00:00 2001
From: jesopo
Date: Fri, 18 Oct 2019 15:17:04 +0100
Subject: major security fix: adding api keys should be admin-only

---
 modules/rest_api.py | 1 +
 1 file changed, 1 insertion(+)

(limited to 'modules/rest_api.py')

diff --git a/modules/rest_api.py b/modules/rest_api.py
index abf947e9..7542a607 100644
--- a/modules/rest_api.py
+++ b/modules/rest_api.py
@@ -193,6 +193,7 @@ class Module(ModuleManager.BaseModule):
     @utils.kwarg("usage", "add <alias> [endpoint [endpoint ...]]")
     @utils.kwarg("usage", "remove <alias>")
     @utils.kwarg("usage", "info <alias>")
+    @utils.kwarg("permission", "apikey")
     def apikey(self, event):
         subcommand = event["args_split"][0].lower()
         alias = None
-- 
cgit v1.3.1-10-gc9f91