br0kenpixel/isop-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: prevent non-admin users from managing API keys

Browse Source
This commit is contained in:
Fábián Varga
2025-11-29 19:35:34 +01:00
parent 614e78cd28
commit 404af756c9
2 changed files with 27 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/routes/api.php
View File

@@ -6,6 +6,7 @@ use App\Http\Controllers\ExternalApiController;
use App\Http\Controllers\InternshipController;
use App\Http\Controllers\StudentDataController;
use App\Http\Controllers\InternshipStatusDataController;
use App\Http\Middleware\AdministratorOnly;
use App\Models\Company;
use App\Models\StudentData;
use Illuminate\Http\Request;
@@ -66,8 +67,8 @@ Route::prefix('/companies')->middleware("auth:sanctum")->group(function () {
Route::delete("/{id}", [CompanyController::class, 'delete']);
});
Route::prefix('/external')->middleware("auth:sanctum")->group(function () {
Route::prefix('/keys')->group(function () {
Route::prefix('/external')->group(function () {
Route::prefix('/keys')->middleware(['auth:sanctum', AdministratorOnly::class])->group(function () {
Route::get("/", [ExternalApiController::class, 'all_keys'])->name("api.external.keys.create");
Route::put("/", [ExternalApiController::class, 'create_key'])->name("api.external.keys.list");
Route::delete("/{id}", [ExternalApiController::class, 'destroy_key'])->name("api.external.keys.delete");