Added gate to check that the user is allowed to view API keys

Signed-off-by: snipe <snipe@snipe.net>
2025-02-02 08:21:09 -08:00 · 2022-01-13 01:33:27 -08:00 · 2022-01-13 01:33:27 -08:00 · 512dbfee7a
parent eb8f23a888
commit 512dbfee7a
1 changed files with 6 additions and 0 deletions
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@ -113,6 +113,12 @@ class ProfileController extends Controller
     */
    public function api()
    {
+
+        // Make sure the self.api permission has been granted
+        if (!Gate::allows('self.api')) {
+            abort(403);
+        }
+
        return view('account/api');
    }