We currently have two patterns for requiring admin permissions in the API, a base class of AdminCRUDRequestHandler, and a require_permission('admin') decorator. However, there are a number of endpoints (such as namespaces) using the AdminCRUDRequestHandler when GET should be accessible to everyone, as defined in the openapi spec. These should be standardized and match the required openapi spec.
We currently have two patterns for requiring admin permissions in the API, a base class of
AdminCRUDRequestHandler, and arequire_permission('admin')decorator. However, there are a number of endpoints (such as namespaces) using theAdminCRUDRequestHandlerwhen GET should be accessible to everyone, as defined in the openapi spec. These should be standardized and match the required openapi spec.