From 92759c9fef799ba17a9d17df52fd54bf24378dbe Mon Sep 17 00:00:00 2001
From: Joe Schneider <joeschneider@invenshure.com>
Date: Wed, 5 Aug 2015 16:28:34 -0500
Subject: [PATCH] Restrict /file endpoint to POST method

---
 api.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/api.py b/api.py
index f343446c..27f07a60 100644
--- a/api.py
+++ b/api.py
@@ -46,7 +46,7 @@ routes = [
         webapp2.Route(r'/groups',                                   projects.Projects, handler_method='groups', methods=['GET']),
         webapp2.Route(r'/schema',                                   projects.Project, handler_method='schema', methods=['GET']),
         webapp2.Route(r'/<:[0-9a-f]{24}>',                          projects.Project, name='project'),
-        webapp2.Route(r'/<:[0-9a-f]{24}>/file',                     projects.Project, handler_method='file'),
+        webapp2.Route(r'/<:[0-9a-f]{24}>/file',                     projects.Project, handler_method='file', methods=['POST']),
         webapp2.Route(r'/<:[0-9a-f]{24}>/file/<:[^/]+>',            projects.Project, handler_method='file'),
         webapp2.Route(r'/<pid:[0-9a-f]{24}>/sessions',              sessions.Sessions, name='p_sessions'),
     ]),
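Review bot: The `/<:[0-9a-f]{24}>/file/<:[^/]+>` route directly below the changed line still carries no `methods=` argument, so `projects.Project`'s `file` handler stays reachable with any HTTP verb through that path and the POST restriction holds only for the bare `/file` URL. If the named-file route is meant to serve a fixed set of verbs, state them on the route, for example `methods=['GET', 'DELETE']` adjusted to what `file` actually implements, so the router rejects everything else instead of relying on branching inside the handler. The same unrestricted sibling route sits next to the changed line in the collections, sessions and acquisitions hunks. The `[^/]+` segment also admits values such as `..`, so the handler (not visible here) should be checked for filename validation before the value reaches storage. The `routes` list begins and ends outside these hunks.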
@@ -56,7 +56,7 @@ routes = [
         webapp2.Route(r'/curators',                                 collections_.Collections, handler_method='curators', methods=['GET']),
         webapp2.Route(r'/schema',                                   collections_.Collection, handler_method='schema', methods=['GET']),
         webapp2.Route(r'/<:[0-9a-f]{24}>',                          collections_.Collection, name='collection'),
-        webapp2.Route(r'/<:[0-9a-f]{24}>/file',                     collections_.Collection, handler_method='file'),
+        webapp2.Route(r'/<:[0-9a-f]{24}>/file',                     collections_.Collection, handler_method='file', methods=['POST']),
         webapp2.Route(r'/<:[0-9a-f]{24}>/file/<:[^/]+>',            collections_.Collection, handler_method='file'),
         webapp2.Route(r'/<:[0-9a-f]{24}>/sessions',                 collections_.CollectionSessions, name='coll_sessions'),
         webapp2.Route(r'/<:[0-9a-f]{24}>/acquisitions',             collections_.CollectionAcquisitions, name='coll_acquisitions'),
@@ -66,7 +66,7 @@ routes = [
         webapp2.Route(r'/count',                                    sessions.Sessions, handler_method='count', methods=['GET']),
         webapp2.Route(r'/schema',                                   sessions.Session, handler_method='schema', methods=['GET']),
         webapp2.Route(r'/<:[0-9a-f]{24}>',                          sessions.Session, name='session'),
-        webapp2.Route(r'/<:[0-9a-f]{24}>/file',                     sessions.Session, handler_method='file'),
+        webapp2.Route(r'/<:[0-9a-f]{24}>/file',                     sessions.Session, handler_method='file', methods=['POST']),
         webapp2.Route(r'/<:[0-9a-f]{24}>/file/<:[^/]+>',            sessions.Session, handler_method='file'),
         webapp2.Route(r'/<:[0-9a-f]{24}>/acquisitions',             acquisitions.Acquisitions, name='acquisitions'),
     ]),
@@ -74,7 +74,7 @@ routes = [
         webapp2.Route(r'/count',                                    acquisitions.Acquisitions, handler_method='count', methods=['GET']),
         webapp2.Route(r'/schema',                                   acquisitions.Acquisition, handler_method='schema', methods=['GET']),
         webapp2.Route(r'/<:[0-9a-f]{24}>',                          acquisitions.Acquisition, name='acquisition'),
-        webapp2.Route(r'/<:[0-9a-f]{24}>/file',                     acquisitions.Acquisition, handler_method='file'),
+        webapp2.Route(r'/<:[0-9a-f]{24}>/file',                     acquisitions.Acquisition, handler_method='file', methods=['POST']),
         webapp2.Route(r'/<:[0-9a-f]{24}>/file/<:[^/]+>',            acquisitions.Acquisition, handler_method='file'),
         webapp2.Route(r'/<:[0-9a-f]{24}>/tile',                     acquisitions.Acquisition, handler_method='get_tile', methods=['GET']),
     ]),
-- 
GitLab