Ensure we hand out max user.scope
The token.scope was valid at token creation time. The user's scope could since have changed (maybe we got kicked out of a group).
This commit is contained in:
Girish Ramakrishnan
@@ -131,6 +131,7 @@ function initializeExpressSync() {
|
||||
|
||||
// working off the user behind the provided token
|
||||
router.get ('/api/v1/user/apps', profileScope, routes.apps.getAllByUser);
|
||||
router.get ('/api/v1/user/cloudron_config', profileScope, routes.user.getCloudronConfig);
|
||||
router.get ('/api/v1/user/profile', profileScope, routes.profile.get);
|
||||
router.post('/api/v1/user/profile', profileScope, routes.profile.update);
|
||||
router.post('/api/v1/user/profile/password', profileScope, routes.users.verifyPassword, routes.profile.changePassword);
|
||||
|
||||
Reference in New Issue
Block a user