middleware should allow, not deny

2024-10-30 19:06:50 +11:00
parent d4d63ff273
commit 6520235667
15 changed files with 149 additions and 211 deletions
--- a/app/Http/Controllers/Api/TeamController.php
+++ b/app/Http/Controllers/Api/TeamController.php
@@ -15,7 +15,7 @@ class TeamController extends Controller
            'custom_server_limit',
            'pivot',
        ]);
-        if ($token->can('view:sensitive')) {
+        if ($token->can('read:sensitive')) {
            return serializeApiResponse($team);
        }
        $team->makeHidden([