Martin Lowe · 01c414e2
--- a/src/main/java/org/eclipsefoundation/git/eca/resource/ReportsResource.java

+ 6

− 13
+++ b/src/main/java/org/eclipsefoundation/git/eca/resource/ReportsResource.java

+ 6

− 13
 @@ -12,7 +12,6 @@
 package org.eclipsefoundation.git.eca.resource;

 import java.time.LocalDate;
-import java.util.List;

 import javax.inject.Inject;
 import javax.ws.rs.BadRequestException;
 @@ -29,30 +28,24 @@ import org.eclipsefoundation.git.eca.service.ReportsService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

-import io.quarkus.security.Authenticated;
-import io.quarkus.security.identity.SecurityIdentity;
-
-@Authenticated
 @Path("/reports")
 public class ReportsResource {
    private static final Logger LOGGER = LoggerFactory.getLogger(ReportsResource.class);

-    @ConfigProperty(name = "eclipse.reports.allowed-users")
-    List<String> allowedUsers;
+    @ConfigProperty(name = "eclipse.reports.access-key")
+    String key;

    @Inject
    RequestWrapper wrap;
    @Inject
    ReportsService reportsService;
-    @Inject
-    SecurityIdentity ident;

    @GET
    @Path("/gitlab/private-projects")
-    public Response getPrivateProjectEvents(@QueryParam("status") String status, @QueryParam("since") LocalDate since,
-            @QueryParam("until") LocalDate until) {
-        if (!allowedUsers.contains(ident.getPrincipal().getName())) {
-            LOGGER.debug("User '{}' does not have access to the reports, access blocked", ident.getPrincipal().getName());
+    public Response getPrivateProjectEvents(@QueryParam("key") String passedKey, @QueryParam("status") String status,
+            @QueryParam("since") LocalDate since, @QueryParam("until") LocalDate until) {
+        if (!key.equals(passedKey)) {
+            LOGGER.debug("Bad key passed for access, access blocked");
            return Response.status(401).build();
        }
        if (StringUtils.isNotBlank(status) && !isValidStatus(status)) {