Minor API handling fixes.

This commit is contained in:
Dane Everitt 2017-04-09 19:22:49 -04:00
parent db168e34bd
commit 2c1b332fee
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
2 changed files with 2 additions and 2 deletions

View File

@ -43,7 +43,7 @@ class APIKeyPolicy
protected function checkPermission(User $user, Key $key, $permission)
{
// Non-administrative users cannot use administrative routes.
if (! starts_with('user.') && ! $user->isRootAdmin()) {
if (! starts_with($key, 'user.') && ! $user->isRootAdmin()) {
return false;
}

View File

@ -147,7 +147,7 @@ class APIRepository
if ($this->user->isRootAdmin() && isset($data['admin_permissions'])) {
unset($pNodes['_user']);
foreach ($data['admin_permissions'] as $permNode) {
foreach ($data['admin_permissions'] as $permission) {
$parts = explode('-', $permission);
if (count($parts) !== 2) {