Protect GET /trips with a session cookie

When an admin requests /trips, they see all of the trips in the Trips table. When a user requests /trips, they see only their trips.
author: William Carroll <wpcarro@gmail.com> 2020-07-31T09·55+0100
committer: William Carroll <wpcarro@gmail.com> 2020-07-31T09·55+0100
commit: 7d64011cbd6b0d6ce2237de2a3dfcc1f9f81a4c9 (patch)
tree: 4a1fa2035dfc41af54933935f599b74a94ce2f48 /src/API.hs
parent: 75437b01b660700a4ba8d7c46b49d1031beb951b (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/API.hs b/src/API.hs
index 0ae3112ae84c..1bcc47b3a5d6 100644
--- a/src/API.hs
+++ b/src/API.hs
@@ -48,6 +48,7 @@ type API =
            :> Delete '[JSON] NoContent
       -- trips: List
       :<|> "trips"
+           :> SessionCookie
            :> Get '[JSON] [T.Trip]
 
       -- Miscellaneous
author	William Carroll <wpcarro@gmail.com>	2020-07-31T09·55+0100
committer	William Carroll <wpcarro@gmail.com>	2020-07-31T09·55+0100
commit	7d64011cbd6b0d6ce2237de2a3dfcc1f9f81a4c9 (patch)
tree	4a1fa2035dfc41af54933935f599b74a94ce2f48 /src/API.hs
parent	75437b01b660700a4ba8d7c46b49d1031beb951b (diff)