diff --git a/app/Policies/APIKeyPolicy.php b/app/Policies/APIKeyPolicy.php index 58b187b4..95846b9e 100644 --- a/app/Policies/APIKeyPolicy.php +++ b/app/Policies/APIKeyPolicy.php @@ -43,7 +43,7 @@ class APIKeyPolicy protected function checkPermission(User $user, Key $key, $permission) { // Non-administrative users cannot use administrative routes. - if (! starts_with('user.') && ! $user->isRootAdmin()) { + if (! starts_with($key, 'user.') && ! $user->isRootAdmin()) { return false; } diff --git a/app/Repositories/APIRepository.php b/app/Repositories/APIRepository.php index db9b9d6b..10af2515 100644 --- a/app/Repositories/APIRepository.php +++ b/app/Repositories/APIRepository.php @@ -147,7 +147,7 @@ class APIRepository if ($this->user->isRootAdmin() && isset($data['admin_permissions'])) { unset($pNodes['_user']); - foreach ($data['admin_permissions'] as $permNode) { + foreach ($data['admin_permissions'] as $permission) { $parts = explode('-', $permission); if (count($parts) !== 2) {