fix: root + read:sensive could read senstive data with a middlewarew

2024-12-09 11:10:35 +01:00
parent ff74fb7385
commit 3fa7d03db7
10 changed files with 74 additions and 70 deletions
--- a/app/Http/Controllers/Api/DeployController.php
+++ b/app/Http/Controllers/Api/DeployController.php
@@ -16,15 +16,12 @@ class DeployController extends Controller
 {
    private function removeSensitiveData($deployment)
    {
-        $token = auth()->user()->currentAccessToken();
-        if ($token->can('read:sensitive')) {
-            return serializeApiResponse($deployment);
+        if (request()->attributes->get('can_read_sensitive', false) === false) {
+            $deployment->makeHidden([
+                'logs',
+            ]);
        }

-        $deployment->makeHidden([
-            'logs',
-        ]);
-
        return serializeApiResponse($deployment);
    }