editoast: no auth for sprites

OpenRailAssociation · Feb 17, 2025 · 59a561b · 59a561b
2 parents 47b853f + e9c4d28
commit 59a561b
Showing 1 changed file with 0 additions and 13 deletions.
diff --git a/editoast/src/views/sprites.rs b/editoast/src/views/sprites.rs
@@ -2,8 +2,6 @@ use axum::extract::Json;
 use axum::extract::Path;
 use axum::extract::Request;
 use axum::response::IntoResponse;
-use axum::Extension;
-use editoast_authz::BuiltinRole;
 use editoast_derive::EditoastError;
 use thiserror::Error;
 use tower::ServiceExt;
@@ -12,8 +10,6 @@ use tower_http::services::ServeFile;
 use crate::client::get_dynamic_assets_path;
 use crate::error::Result;
 use crate::generated_data::sprite_config::SpriteConfig;
-use crate::views::AuthenticationExt;
-use crate::views::AuthorizationError;
 
 crate::routes! {
     "/sprites" => {
@@ -61,18 +57,9 @@ async fn signaling_systems() -> Result<Json<Vec<String>>> {
     ),
 )]
 async fn sprites(
-    Extension(auth): AuthenticationExt,
     Path((signaling_system, file_name)): Path<(String, String)>,
     request: Request,
 ) -> Result<impl IntoResponse> {
-    let authorized = auth
-        .check_roles([BuiltinRole::MapRead].into())
-        .await
-        .map_err(AuthorizationError::AuthError)?;
-    if !authorized {
-        return Err(AuthorizationError::Forbidden.into());
-    }
-
     let sprite_configs = SpriteConfig::load();
     if signaling_system != "default" && !sprite_configs.contains_key(&signaling_system) {
         return Err(SpriteErrors::UnknownSignalingSystem { signaling_system }.into());