From 984db1ef44b21c13ebc811e72ce8ba33e2cb8e62 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Thu, 13 Jan 2022 01:39:56 -0800
Subject: [PATCH] Apply personal API token fix to master

Signed-off-by: snipe <snipe@snipe.net>
---
 app/Http/Controllers/ProfileController.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index c43317fd79..dcdd805ed3 100755
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -113,6 +113,12 @@ class ProfileController extends Controller
      * @return View
      */
     public function api() {
+
+        // Make sure the self.api permission has been granted
+        if (!Gate::allows('self.api')) {
+            abort(403);
+        }
+        
         return view('account/api');
     }