Revert "allow downloading job candidate resume by direct link without token"

maxceem · maxceem · commit 511381709793 · 2021-08-18T14:00:33.000+03:00
This reverts commit d3ae667.
diff --git a/src/routes/JobCandidateRoutes.js b/src/routes/JobCandidateRoutes.js
@@ -47,13 +47,9 @@ module.exports = {
   '/jobCandidates/:id/resume': {
     get: {
       controller: 'JobCandidateController',
-      method: 'downloadJobCandidateResume'
-      // TODO: we have to protect this endpoint somehow
-      //       but at the moment in the client app we are clicking this link
-      //       as a regular download link and we cannot pass JWT token to it
-      //       how to deal with it?
-      // auth: 'jwt',
-      // scopes: [constants.Scopes.READ_JOB_CANDIDATE, constants.Scopes.ALL_JOB_CANDIDATE]
+      method: 'downloadJobCandidateResume',
+      auth: 'jwt',
+      scopes: [constants.Scopes.READ_JOB_CANDIDATE, constants.Scopes.ALL_JOB_CANDIDATE]
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -47,13 +47,9 @@ module.exports = {`
`47`	`47`	`'/jobCandidates/:id/resume': {`
`48`	`48`	`get: {`
`49`	`49`	`controller: 'JobCandidateController',`
`50`		`- method: 'downloadJobCandidateResume'`
`51`		`- // TODO: we have to protect this endpoint somehow`
`52`		`- // but at the moment in the client app we are clicking this link`
`53`		`- // as a regular download link and we cannot pass JWT token to it`
`54`		`- // how to deal with it?`
`55`		`- // auth: 'jwt',`
`56`		`- // scopes: [constants.Scopes.READ_JOB_CANDIDATE, constants.Scopes.ALL_JOB_CANDIDATE]`
	`50`	`+ method: 'downloadJobCandidateResume',`
	`51`	`+ auth: 'jwt',`
	`52`	`+ scopes: [constants.Scopes.READ_JOB_CANDIDATE, constants.Scopes.ALL_JOB_CANDIDATE]`
`57`	`53`	`}`
`58`	`54`	`}`
`59`	`55`	`}`