Allow scoped tokens to read session status
This commit is contained in:
@@ -109,7 +109,7 @@ func (s *Server) SetSessionState(model vault.Model, locked, dirty bool) {
|
||||
}
|
||||
|
||||
func (s *Server) GetSessionStatus(ctx context.Context, _ *keepassgov1.GetSessionStatusRequest) (*keepassgov1.GetSessionStatusResponse, error) {
|
||||
if _, err := s.authorizeVaultRequest(ctx, apitokens.OperationManageVault); err != nil {
|
||||
if _, err := s.authenticateRequest(ctx); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
s.mu.RLock()
|
||||
|
||||
Reference in New Issue
Block a user