@@ -270,11 +270,11 @@ export async function createNotebooksRouter(
270270 '/v1' ,
271271 createIdentityMiddleware ( httpAuth , userInfo , logger ) ,
272272 ) ;
273- notebooksRouter . use ( '/v1' , requireNotebooksPermission ) ;
274273
275274 notebooksRouter . post (
276275 '/v1/sessions' ,
277276 generalRateLimiter ,
277+ requireNotebooksPermission ,
278278 withAuth ( async ( req , res , userId ) => {
279279 const { name, description, metadata } = req . body ;
280280 if ( ! name ) {
@@ -294,6 +294,7 @@ export async function createNotebooksRouter(
294294 notebooksRouter . get (
295295 '/v1/sessions' ,
296296 generalRateLimiter ,
297+ requireNotebooksPermission ,
297298 withAuth ( async ( _req , res , userId ) => {
298299 const sessions = await sessionService . listSessions ( userId ) ;
299300 res . json ( createSessionListResponse ( sessions ) ) ;
@@ -303,6 +304,7 @@ export async function createNotebooksRouter(
303304 notebooksRouter . get (
304305 '/v1/sessions/:sessionId' ,
305306 generalRateLimiter ,
307+ requireNotebooksPermission ,
306308 withAuth ( async ( req , res , userId ) => {
307309 const { sessionId } = req . params ;
308310 const session = await sessionService . readSession ( sessionId , userId ) ;
@@ -315,6 +317,7 @@ export async function createNotebooksRouter(
315317 notebooksRouter . put (
316318 '/v1/sessions/:sessionId' ,
317319 generalRateLimiter ,
320+ requireNotebooksPermission ,
318321 withAuth ( async ( req , res , userId ) => {
319322 const { sessionId } = req . params ;
320323 const { name, description, metadata } = req . body ;
@@ -332,6 +335,7 @@ export async function createNotebooksRouter(
332335 notebooksRouter . delete (
333336 '/v1/sessions/:sessionId' ,
334337 generalRateLimiter ,
338+ requireNotebooksPermission ,
335339 withAuth ( async ( req , res , userId ) => {
336340 const { sessionId } = req . params ;
337341 await sessionService . deleteSession ( sessionId , userId ) ;
@@ -347,6 +351,7 @@ export async function createNotebooksRouter(
347351 notebooksRouter . get (
348352 '/v1/sessions/:sessionId/documents' ,
349353 generalRateLimiter ,
354+ requireNotebooksPermission ,
350355 requireSessionOwnership ( ) ,
351356 withAuth ( async ( req , res ) => {
352357 const { sessionId } = req . params ;
@@ -362,6 +367,7 @@ export async function createNotebooksRouter(
362367 notebooksRouter . put (
363368 '/v1/sessions/:sessionId/documents' ,
364369 expensiveRateLimiter ,
370+ requireNotebooksPermission ,
365371 upload . single ( 'file' ) as any ,
366372 withAuth ( async ( req , res , userId ) => {
367373 const { sessionId } = req . params ;
@@ -413,6 +419,7 @@ export async function createNotebooksRouter(
413419 notebooksRouter . get (
414420 '/v1/sessions/:sessionId/documents/:documentId/status' ,
415421 generalRateLimiter ,
422+ requireNotebooksPermission ,
416423 requireSessionOwnership ( ) ,
417424 withAuth ( async ( req , res ) => {
418425 const { sessionId, documentId } = req . params ;
@@ -432,6 +439,7 @@ export async function createNotebooksRouter(
432439 notebooksRouter . delete (
433440 '/v1/sessions/:sessionId/documents/:documentId' ,
434441 generalRateLimiter ,
442+ requireNotebooksPermission ,
435443 requireSessionOwnership ( ) ,
436444 withAuth ( async ( req , res ) => {
437445 const { sessionId, documentId } = req . params ;
@@ -457,6 +465,7 @@ export async function createNotebooksRouter(
457465 notebooksRouter . post (
458466 '/v1/sessions/:sessionId/query' ,
459467 expensiveRateLimiter ,
468+ requireNotebooksPermission ,
460469 express . json ( { limit : EXPRESS_JSON_BODY_LIMIT } ) ,
461470 withAuth ( async ( req , res , userId ) => {
462471 const { sessionId } = req . params ;
0 commit comments