yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-09-14 19:19:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

reorganize logic

Browse Source
This commit is contained in:
Ben Irvin 2022-08-11 12:18:53 +02:00
parent 22c82a7258
commit e4d1f59b34
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/core/admin/server/strategies/api-token.js
View File

@ -76,7 +76,12 @@ const verify = (auth, config) => {
}
// Custom
else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM && ability) {
else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
if (!ability) {
console.log('missing ability');
throw new ForbiddenError();
}
const scopes = castArray(config.scope);
const isAllowed = scopes.every(scope => ability.can(scope));