fix: root + read:sensive could read senstive data with a middlewarew

app/Http/Controllers/Api/SecurityController.php

@@ -11,13 +11,11 @@ class SecurityController extends Controller
 {
     private function removeSensitiveData($team)
     {
-        $token = auth()->user()->currentAccessToken();
-        if ($token->can('read:sensitive')) {
-            return serializeApiResponse($team);
+        if (request()->attributes->get('can_read_sensitive', false) === false) {
+            $team->makeHidden([
+                'private_key',
+            ]);
         }
-        $team->makeHidden([
-            'private_key',
-        ]);
 
         return serializeApiResponse($team);
     }