Correct ApiKey delete auth check
This commit is contained in:
parent
7a0aa0ecf8
commit
d73196594d
|
@ -53,7 +53,7 @@ router.post('apiKeys.delete', auth(), async ctx => {
|
|||
|
||||
const user = ctx.state.user;
|
||||
const key = await ApiKey.findById(id);
|
||||
authorize(user, 'delete', ApiKey);
|
||||
authorize(user, 'delete', key);
|
||||
|
||||
try {
|
||||
await key.destroy();
|
||||
|
|
Reference in New Issue