Allow scoped tokens to read session status

This commit is contained in:
Joe Julian
2026-04-11 16:51:24 -07:00
parent e16067b345
commit 12796ef639
2 changed files with 8 additions and 5 deletions
+1 -1
View File
@@ -109,7 +109,7 @@ func (s *Server) SetSessionState(model vault.Model, locked, dirty bool) {
}
func (s *Server) GetSessionStatus(ctx context.Context, _ *keepassgov1.GetSessionStatusRequest) (*keepassgov1.GetSessionStatusResponse, error) {
if _, err := s.authorizeVaultRequest(ctx, apitokens.OperationManageVault); err != nil {
if _, err := s.authenticateRequest(ctx); err != nil {
return nil, err
}
s.mu.RLock()