fix(oauth): admin read scope should not be required for all authed routes (close #3471)

pull/2481/merge
Aaron Liu 2 weeks ago
parent ba2e870bbd
commit 83375198c8

@ -1 +1 @@
Subproject commit 807360a8a6646a1c4bf8f1151e75da17a3eb457c
Subproject commit be30f5ddbce30635ce8524631d1fb19f3de0c7af

@ -862,10 +862,10 @@ func initMasterRouter(dep dependency.Dep) *gin.Engine {
// 需要登录保护的
auth := v4.Group("")
auth.Use(middleware.LoginRequired())
auth.Use(middleware.RequiredScopes(types.ScopeAdminRead))
{
// 管理
admin := auth.Group("admin", middleware.IsAdmin())
admin.Use(middleware.RequiredScopes(types.ScopeAdminRead))
{
admin.GET("summary",
controllers.FromQuery[adminsvc.SummaryService](adminsvc.SummaryParamCtx{}),

Loading…
Cancel
Save