fix(api): allow api tokens to retrieve the user who created the token

Resolves https://kolaente.dev/vikunja/vikunja/issues/2644
This commit is contained in:
kolaente 2024-10-13 16:02:53 +02:00
parent a88124cfce
commit 3e9c41cfc6
No known key found for this signature in database
GPG Key ID: F40E70337AB24C9B
1 changed files with 5 additions and 2 deletions

View File

@ -120,8 +120,7 @@ func CollectRoutesForAPITokenUsage(route echo.Route, middlewares []echo.Middlewa
routeGroupName, routeParts := getRouteGroupName(route.Path)
if routeGroupName == "user" ||
routeGroupName == "tokenTest" ||
if routeGroupName == "tokenTest" ||
routeGroupName == "subscriptions" ||
routeGroupName == "tokens" ||
routeGroupName == "*" ||
@ -230,6 +229,10 @@ func CanDoAPIRoute(c echo.Context, token *APIToken) (can bool) {
routeGroupName = strings.TrimSuffix(routeGroupName, "_bulk")
if routeGroupName == "user" {
routeGroupName = "other"
}
group, hasGroup := token.Permissions[routeGroupName]
if !hasGroup {
group, hasGroup = token.Permissions[routeParts[0]]