diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2022-05-27 16:21:59 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-27 16:21:59 +0200 |
| commit | 6dd7180f056666d837bf71798f866db31f11f6d4 (patch) | |
| tree | f743a8c1c28298a592ff5a5371d08809a4f742ee | |
| parent | 434b08e95b1a440bf9ae563b72600d1590106260 (diff) | |
Fix incorrect permission check for notifications destroy/dismiss endpoints (#1787)
| -rw-r--r-- | app/controllers/api/v1/notifications_controller.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/api/v1/notifications_controller.rb b/app/controllers/api/v1/notifications_controller.rb index c47d6ccfd..ac49167cb 100644 --- a/app/controllers/api/v1/notifications_controller.rb +++ b/app/controllers/api/v1/notifications_controller.rb @@ -1,8 +1,8 @@ # frozen_string_literal: true class Api::V1::NotificationsController < Api::BaseController - before_action -> { doorkeeper_authorize! :read, :'read:notifications' }, except: [:clear, :dismiss] - before_action -> { doorkeeper_authorize! :write, :'write:notifications' }, only: [:clear, :dismiss] + before_action -> { doorkeeper_authorize! :read, :'read:notifications' }, except: [:clear, :dismiss, :destroy, :destroy_multiple] + before_action -> { doorkeeper_authorize! :write, :'write:notifications' }, only: [:clear, :dismiss, :destroy, :destroy_multiple] before_action :require_user! after_action :insert_pagination_headers, only: :index |