From 512dbfee7acfcafa1524c8b2fb4cc4ef96958d0b Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 13 Jan 2022 01:33:27 -0800
Subject: [PATCH] Added gate to check that the user is allowed to view API keys

Signed-off-by: snipe
---
 app/Http/Controllers/ProfileController.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index ef6c00a54aad..e55dbe0709bb 100755
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -113,6 +113,12 @@ public function postIndex(ImageUploadRequest $request)
 */
 public function api()
 {
+
+ // Make sure the self.api permission has been granted
+ if (!Gate::allows('self.api')) {
+ abort(403);
+ }
+
 return view('account/api');
 }
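Review bot: The `Gate::allows('self.api')` check added to `api()` guards only the rendering of the `account/api` view. The endpoints that list, create and revoke the keys are not part of this diff, so confirm they enforce the same permission server-side; otherwise a user without `self.api` is only kept from seeing the page. The diffstat shows six insertions, all in this hunk, so no `use` line was added: `Gate` must already be imported in this namespaced controller (not visible here) or the call will not resolve. The check could be shortened to `abort_unless(Gate::allows('self.api'), 403);`, and the docblock, which starts outside the hunk, should state that a 403 is returned when the permission is missing. A feature test asserting the 403 for a user lacking `self.api` would pin the behaviour.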