update permissinos for /terms/{computing_id}

EarthenSky · EarthenSky · commit c1f388842fe0 · 2024-12-28T16:58:57.000-08:00
diff --git a/src/officers/urls.py b/src/officers/urls.py
@@ -99,23 +99,21 @@ async def all_officers(
 
 @router.get(
     "/terms/{computing_id}",
-    description="""Get term info for an executive. All term info is public for all past or active terms.""",
+    description="""
+        Get term info for an executive. All term info is public for all past or active terms.
+        Future terms can only be accessed by website admins.
+    """,
 )
 async def get_officer_terms(
     request: Request,
     db_session: database.DBSession,
     computing_id: str,
     include_future_terms: bool = False
 ):
-    # TODO: should this be login-required if a user does not want to include future terms? The info is
-    # supposed to all be public
-    _, session_computing_id = await logged_in_or_raise(request, db_session)
-
-    if (
-        computing_id != session_computing_id
-        and include_future_terms
-    ):
-        await WebsiteAdmin.has_permission_or_raise(db_session, session_computing_id)
+    if include_future_terms:
+        _, session_computing_id = await logged_in_or_raise(request, db_session)
+        if computing_id != session_computing_id:
+            await WebsiteAdmin.has_permission_or_raise(db_session, session_computing_id)
 
     # all term info is public, so anyone can get any of it
     officer_terms = await officers.crud.get_officer_terms(
