Skip to content

Commit

Permalink
fix: session error for GET user with API key (#609)
Browse files Browse the repository at this point in the history
  • Loading branch information
sebadob authored Nov 8, 2024
1 parent fb86b9d commit 161f303
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/api/src/users.rs
Original file line number Diff line number Diff line change
Expand Up @@ -362,14 +362,14 @@ pub async fn get_user_by_id(
path: web::Path<String>,
principal: ReqPrincipal,
) -> Result<HttpResponse, ErrorResponse> {
principal.validate_session_auth()?;

let id = path.into_inner();

// principal must either be an admin or have the same user id
let api_key_or_admin = principal
.validate_api_key_or_admin_session(AccessGroup::Users, AccessRights::Read)
.is_ok();
if !api_key_or_admin {
principal.validate_session_auth()?;
principal.is_user(&id)?;
}

Expand Down

0 comments on commit 161f303

Please sign in to comment.