projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
12627: Ensure current_user relates to the token that permits scope.
[arvados.git]
/
services
/
api
/
app
/
controllers
/
application_controller.rb
diff --git
a/services/api/app/controllers/application_controller.rb
b/services/api/app/controllers/application_controller.rb
index 9826cf2f906f5a7ecd532b4522d2940f41ca5457..ba0efa7b537c30bd4ad1e74b10932fde3f8533cd 100644
(file)
--- a/
services/api/app/controllers/application_controller.rb
+++ b/
services/api/app/controllers/application_controller.rb
@@
-365,7
+365,7
@@
class ApplicationController < ActionController::Base
end
def require_auth_scope
- if @read_auths.empty?
+ if @read_auths.empty?
|| @read_auths[0] != current_api_client_authorization
if require_login != false
send_error("Forbidden", status: 403)
end