Fixed permission check when deleting API keys (fixes #2204)

2025-08-16 18:54:35 +00:00 · 2023-04-30 22:32:08 +02:00
parent df4907f5d4
commit 7ee79ec56c
3 changed files with 6 additions and 3 deletions
--- a/controllers/GenericEntityApiController.php
+++ b/controllers/GenericEntityApiController.php
@@ -89,6 +89,10 @@ class GenericEntityApiController extends BaseApiController
 		{
 			User::checkPermission($request, User::PERMISSION_EQUIPMENT);
 		}
+		elseif ($args['entity'] == 'api_keys')
+		{
+			// Always allowed
+		}
 		else
 		{
 			User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);