fix: register bulk label route correctly for API token permissions
The tasks_labels_bulk route was not recognized as a CRUD route by isStandardCRUDRoute, causing it to be processed as a non-CRUD route and registered in the wrong apiTokenRoutes group. API tokens with tasks_labels permissions could not access the bulk endpoint, resulting in a 401 error. Fixes https://github.com/go-vikunja/vikunja/issues/2375
parent
554593cdb6
commit
e19bea8e3a
|
|
@ -152,6 +152,14 @@ func isStandardCRUDRoute(routeGroupName string, routeParts []string, _ string) b
|
|||
return true
|
||||
}
|
||||
|
||||
// Check if this is a bulk variant of a known CRUD resource
|
||||
if strings.HasSuffix(routeGroupName, "_bulk") {
|
||||
parent := strings.TrimSuffix(routeGroupName, "_bulk")
|
||||
if crudResources[parent] {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
// Also check the base resource for nested paths
|
||||
if len(routeParts) > 0 && crudResources[routeParts[0]] {
|
||||
// For single-segment paths, it's CRUD if it's a known resource
|
||||
|
|
|
|||
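Review bot: The new `strings.HasSuffix(routeGroupName, "_bulk")` branch decides API-token scoping by naming convention alone, so any future route group named `<resource>_bulk` whose parent is in `crudResources` will be classified as standard CRUD without anyone reviewing it. Which permission such a route ends up under is decided outside this hunk (the body of `isStandardCRUDRoute` starts and ends beyond it), so I would state the contract at the branch, for example `// A "<resource>_bulk" group is scoped under the parent resource's API token permissions; only add bulk routes that are safe to expose to tokens holding those permissions.` The commit should also carry a regression test for the route from the linked issue that checks both directions: a token with `tasks_labels` permissions reaches the bulk endpoint, and a token without them is still rejected. If more bulk routes are expected, an explicit set of permitted bulk group names would be safer than the suffix match.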