correctly return access rights in auth redirect

2025-05-30 15:28:37 +08:00 · 2016-08-26 13:12:38 +10:00
parent 4fe52c8cbe
commit a37db9448f
2 changed files with 32 additions and 1 deletions
--- a/app/models/user_api_key.rb
+++ b/app/models/user_api_key.rb
@ -2,7 +2,8 @@ class UserApiKey < ActiveRecord::Base
  belongs_to :user

  def access
-    "#{read ? "r" : ""}#{write ? "w" : ""}#{push ? "p" : ""}"
+    has_push = push && push_url.present? && SiteSetting.allowed_user_api_push_urls.include?(push_url)
+    "#{read ? "r" : ""}#{write ? "w" : ""}#{has_push ? "p" : ""}"
  end
 end