FIX: user api should always be available to staff

2025-09-06 09:10:25 +08:00 · 2016-09-12 15:42:06 +10:00 · 2016-09-12 15:42:06 +10:00 · 2d859ba0ed
commit 2d859ba0ed
parent b381d84dd9
2 changed files with 19 additions and 2 deletions
--- a/app/controllers/user_api_keys_controller.rb
+++ b/app/controllers/user_api_keys_controller.rb
@ -24,7 +24,7 @@ class UserApiKeysController < ApplicationController
      return
    end

-    if current_user.trust_level < SiteSetting.min_trust_level_for_user_api_key
+    unless meets_tl?
      @no_trust_level = true
      return
    end
@ -53,7 +53,7 @@ class UserApiKeysController < ApplicationController
        raise Discourse::InvalidAccess
    end

-    raise Discourse::InvalidAccess if current_user.trust_level < SiteSetting.min_trust_level_for_user_api_key
+    raise Discourse::InvalidAccess unless meets_tl?

    request_read = params[:access].include? 'r'
    request_read ||= params[:access].include? 'p'
@ -142,4 +142,8 @@ class UserApiKeysController < ApplicationController
    OpenSSL::PKey::RSA.new(params[:public_key])
  end

+  def meets_tl?
+    current_user.staff? || current_user.trust_level >= SiteSetting.min_trust_level_for_user_api_key
+  end
+
 end