middleware should allow, not deny

2024-10-30 19:06:50 +11:00
parent d4d63ff273
commit 6520235667
15 changed files with 149 additions and 211 deletions
--- a/app/Http/Controllers/Api/ApplicationsController.php
+++ b/app/Http/Controllers/Api/ApplicationsController.php
@@ -29,7 +29,7 @@ class ApplicationsController extends Controller
        $application->makeHidden([
            'id',
        ]);
-        if ($token->can('view:sensitive')) {
+        if ($token->can('read:sensitive')) {
            return serializeApiResponse($application);
        }
        $application->makeHidden([