fix(api): allow api tokens to retrieve the user who created the token
Resolves https://kolaente.dev/vikunja/vikunja/issues/2644
This commit is contained in:
parent
a88124cfce
commit
3e9c41cfc6
|
|
@ -120,8 +120,7 @@ func CollectRoutesForAPITokenUsage(route echo.Route, middlewares []echo.Middlewa
|
|||
|
||||
routeGroupName, routeParts := getRouteGroupName(route.Path)
|
||||
|
||||
if routeGroupName == "user" ||
|
||||
routeGroupName == "tokenTest" ||
|
||||
if routeGroupName == "tokenTest" ||
|
||||
routeGroupName == "subscriptions" ||
|
||||
routeGroupName == "tokens" ||
|
||||
routeGroupName == "*" ||
|
||||
|
|
@ -230,6 +229,10 @@ func CanDoAPIRoute(c echo.Context, token *APIToken) (can bool) {
|
|||
|
||||
routeGroupName = strings.TrimSuffix(routeGroupName, "_bulk")
|
||||
|
||||
if routeGroupName == "user" {
|
||||
routeGroupName = "other"
|
||||
}
|
||||
|
||||
group, hasGroup := token.Permissions[routeGroupName]
|
||||
if !hasGroup {
|
||||
group, hasGroup = token.Permissions[routeParts[0]]
|
||||
|
|
|
|||
Loading…
Reference in New Issue