middleware should allow, not deny

2024-10-30 19:06:50 +11:00
parent d4d63ff273
commit 6520235667
15 changed files with 149 additions and 211 deletions
--- a/app/Http/Controllers/Api/SecurityController.php
+++ b/app/Http/Controllers/Api/SecurityController.php
@@ -12,7 +12,7 @@ class SecurityController extends Controller
    private function removeSensitiveData($team)
    {
        $token = auth()->user()->currentAccessToken();
-        if ($token->can('view:sensitive')) {
+        if ($token->can('read:sensitive')) {
            return serializeApiResponse($team);
        }
        $team->makeHidden([