Added security definitions in GET /systems/{system_id} and /benchmark/{benchmark_id}to explicitly allow 1. API key users 2. Cognito logged-in users (bearer auth) 3. non-logged-in users to view systems and benchmarks.
The main point here is adding the - {} definition, or else non-logged-in users will get rejected with 401 for public systems and benchmarks. I missed this use case. Permission check for private systems/benchmarks is enforced in the backend as usual.
Added security definitions in GET
/systems/{system_id}
and/benchmark/{benchmark_id}
to explicitly allow 1. API key users 2. Cognito logged-in users (bearer auth) 3. non-logged-in users to view systems and benchmarks.The main point here is adding the
- {}
definition, or else non-logged-in users will get rejected with 401 for public systems and benchmarks. I missed this use case. Permission check for private systems/benchmarks is enforced in the backend as usual.