middleware should allow, not deny

2024-10-30 19:06:50 +11:00
parent d4d63ff273
commit 6520235667
15 changed files with 149 additions and 211 deletions
--- a/app/Http/Controllers/Api/ServersController.php
+++ b/app/Http/Controllers/Api/ServersController.php
@@ -20,7 +20,7 @@ class ServersController extends Controller
    private function removeSensitiveDataFromSettings($settings)
    {
        $token = auth()->user()->currentAccessToken();
-        if ($token->can('view:sensitive')) {
+        if ($token->can('read:sensitive')) {
            return serializeApiResponse($settings);
        }
        $settings = $settings->makeHidden([
@@ -36,7 +36,7 @@ class ServersController extends Controller
        $server->makeHidden([
            'id',
        ]);
-        if ($token->can('view:sensitive')) {
+        if ($token->can('read:sensitive')) {
            return serializeApiResponse($server);
        }