mirror of
https://github.com/blakeblackshear/frigate.git
synced 2026-07-15 00:11:15 +03:00
enforce camera access on VLM monitor endpoint
POST /vlm/monitor allowed any authenticated user to start VLM monitoring on any camera without checking camera access. A viewer restricted to specific cameras could monitor cameras they should not have access to.
This commit is contained in:
parent
2e4d8ed661
commit
082f025509
@ -15,6 +15,7 @@ from pydantic import BaseModel
|
||||
from frigate.api.auth import (
|
||||
allow_any_authenticated,
|
||||
get_allowed_cameras_for_filter,
|
||||
require_camera_access,
|
||||
)
|
||||
from frigate.api.defs.query.events_query_parameters import EventsQueryParams
|
||||
from frigate.api.defs.request.chat_body import ChatCompletionRequest
|
||||
@ -1156,6 +1157,8 @@ async def start_vlm_monitor(
|
||||
status_code=404,
|
||||
)
|
||||
|
||||
await require_camera_access(body.camera, request=request)
|
||||
|
||||
vision_client = genai_manager.vision_client or genai_manager.tool_client
|
||||
if vision_client is None:
|
||||
return JSONResponse(
|
||||
|
||||
Loading…
Reference in New Issue
Block a user