From 83375198c8488974b33a44bcbf39c72407569d4c Mon Sep 17 00:00:00 2001 From: Aaron Liu Date: Fri, 26 Jun 2026 10:15:06 +0800 Subject: [PATCH] fix(oauth): admin read scope should not be required for all authed routes (close #3471) --- assets | 2 +- routers/router.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/assets b/assets index 807360a8..be30f5dd 160000 --- a/assets +++ b/assets @@ -1 +1 @@ -Subproject commit 807360a8a6646a1c4bf8f1151e75da17a3eb457c +Subproject commit be30f5ddbce30635ce8524631d1fb19f3de0c7af diff --git a/routers/router.go b/routers/router.go index 8c24708c..90ce00c8 100644 --- a/routers/router.go +++ b/routers/router.go @@ -862,10 +862,10 @@ func initMasterRouter(dep dependency.Dep) *gin.Engine { // 需要登录保护的 auth := v4.Group("") auth.Use(middleware.LoginRequired()) - auth.Use(middleware.RequiredScopes(types.ScopeAdminRead)) { // 管理 admin := auth.Group("admin", middleware.IsAdmin()) + admin.Use(middleware.RequiredScopes(types.ScopeAdminRead)) { admin.GET("summary", controllers.FromQuery[adminsvc.SummaryService](adminsvc.SummaryParamCtx{}),