Fix incorrect permission check for notifications destroy/dismiss endpoints (#1787)
authorClaire <claire.github-309c@sitedethib.com>
Fri, 27 May 2022 14:21:59 +0000 (16:21 +0200)
committersingle-right-quote <11325618-aescling@users.noreply.gitlab.com>
Sat, 28 May 2022 00:19:17 +0000 (20:19 -0400)
app/controllers/api/v1/notifications_controller.rb

index c47d6ccfd6893d594fe9eefb71e4bbb693741fce..ac49167cb79a0ccc5bafff04fd81b6f47d75f00b 100644 (file)
@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 class Api::V1::NotificationsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:notifications' }, except: [:clear, :dismiss]
-  before_action -> { doorkeeper_authorize! :write, :'write:notifications' }, only: [:clear, :dismiss]
+  before_action -> { doorkeeper_authorize! :read, :'read:notifications' }, except: [:clear, :dismiss, :destroy, :destroy_multiple]
+  before_action -> { doorkeeper_authorize! :write, :'write:notifications' }, only: [:clear, :dismiss, :destroy, :destroy_multiple]
   before_action :require_user!
   after_action :insert_pagination_headers, only: :index
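Review bot: The scope split on the two new `before_action` lines is still two hand-maintained copies of one action list, with `read:notifications` as the default through `except:`. Any action added later is therefore gated by the read scope unless both lists are edited, which is the same drift this commit corrects for `destroy` and `destroy_multiple`. Making the write scope the default would fail closed: `before_action -> { doorkeeper_authorize! :read, :'read:notifications' }, only: [:index, :show]` and `before_action -> { doorkeeper_authorize! :write, :'write:notifications' }, except: [:index, :show]`. The read-only action list there is an assumption to confirm, since only `index` is visible here and the class body continues outside the hunk. No test is visible in this view; a request spec asserting that a token holding only `read:notifications` is rejected on each mutating route would catch a regression.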