zhi/HarborForge.Cli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: allow reset-apikey command without user.manage permission

Browse Source 
The reset-apikey command has its own auth mechanism via --acc-mgr-token,
so it should not be gated by permission introspection. This matches the
behavior of "user create" which is also Permitted: true.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
h z
2026-04-16 22:32:30 +01:00
parent de0ea39b2a
commit f1ebc52cca
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/help/surface.go
View File

@@ -40,7 +40,7 @@ func CommandSurface() []Group {
{Name: "activate", Description: "Activate a user", Permitted: has(perms, "user.manage")}, {Name: "activate", Description: "Activate a user", Permitted: has(perms, "user.manage")},
{Name: "deactivate", Description: "Deactivate a user", Permitted: has(perms, "user.manage")}, {Name: "deactivate", Description: "Deactivate a user", Permitted: has(perms, "user.manage")},
{Name: "delete", Description: "Delete a user", Permitted: has(perms, "user.manage")}, {Name: "delete", Description: "Delete a user", Permitted: has(perms, "user.manage")},
{Name: "reset-apikey", Description: "Reset a user's API key", Permitted: has(perms, "user.manage")}, {Name: "reset-apikey", Description: "Reset a user's API key", Permitted: true},
}, },
}, },
{ {