Minor API handling fixes.

DaneEveritt · DaneEveritt · commit 2c1b332feeb4 · 2017-04-09T19:22:49.000-04:00
diff --git a/app/Policies/APIKeyPolicy.php b/app/Policies/APIKeyPolicy.php
@@ -43,7 +43,7 @@ class APIKeyPolicy
     protected function checkPermission(User $user, Key $key, $permission)
     {
         // Non-administrative users cannot use administrative routes.
-        if (! starts_with('user.') && ! $user->isRootAdmin()) {
+        if (! starts_with($key, 'user.') && ! $user->isRootAdmin()) {
             return false;
         }
 
diff --git a/app/Repositories/APIRepository.php b/app/Repositories/APIRepository.php
@@ -147,7 +147,7 @@ public function create(array $data)
             if ($this->user->isRootAdmin() && isset($data['admin_permissions'])) {
                 unset($pNodes['_user']);
 
-                foreach ($data['admin_permissions'] as $permNode) {
+                foreach ($data['admin_permissions'] as $permission) {
                     $parts = explode('-', $permission);
 
                     if (count($parts) !== 2) {

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ class APIKeyPolicy`
`43`	`43`	`protected function checkPermission(User $user, Key $key, $permission)`
`44`	`44`	`{`
`45`	`45`	`// Non-administrative users cannot use administrative routes.`
`46`		`- if (! starts_with('user.') && ! $user->isRootAdmin()) {`
	`46`	`+ if (! starts_with($key, 'user.') && ! $user->isRootAdmin()) {`
`47`	`47`	`return false;`
`48`	`48`	`}`
`49`	`49`